New Windows Trojan Utilizes People’s Computers as Proxy Servers by Planting on them TeamViewer

Backdoors generally use TeamViewer remote control software for gaining illegitimate admission into tainted PCs. But, one fresh Trojan named BackDoor.TeamViewer.49 utilizes the software program for reasons apart the general.

Researchers from Doctor Web discovered that BackDoor.TeamViewer.49 is clandestinely planted on PCs with the aid of another malware known as Trojan.MuDrop6.39210, which's actually false Adobe Flash Player update.

The executable loads Trojan MuDrop on Windows-PC, even as the file saves the Trojan onto the computer's hard disk devoid of the user's awareness, after which it runs the fake flash player every 3-secs while erases the already deployed true Flash Player. Moreover, at the time of loading, one real Flash Player installer window gets exhibited on computer screen.

And while it isn't unknown of TeamViewer being planted on contaminated systems, the criminals in the present case rather than utilize it for logging inside the victim's computer, utilize it for some other purpose, claims Dr. Web. Softpedia.com posted this, May 26, 2016.

Dr. Web researchers explain that after BackDoor.TeamViewer.49 completes its registration within autorun, it operates within unending loop although at predetermine time-intervals. This' done to assign the executable file-contained folder the configuration and malevolent library files, appending to them attributes such as "system" and "hidden." However, incase these attributes can't be assigned then the Trojan begins eliminating each-and-every TeamViewer key that is inside system registry.

One more library in encrypted form is integrated into the Trojan while it executes sinister activity of making a connection with the server while authorizing it and diverting its traffic onto criminals' server via the contaminated PC, thereby enabling the crooks to stay anonymous online.

Dr. Web states, the Trojan's key task is for working like one Web proxy, collecting the inbound e-traffic from command and control server, channeling the same online thereby effectively disguising true IP of the criminals.

Spokesperson for TeamViewer elaborates that while it's necessary to examine the entire thing closely, the main problem relates to planting of malware. For, by infecting a system, attackers can perform any activity through that particular device. Also, based upon the malware's intricacy, the whole machine can be captured, information stolen and/or manipulated, etc.

» SPAMfighter News - 6/1/2016