Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


BackDoor.TeamViewer Utilizes Team Viewer for Intercepting Users’ Traffic

BackDoor.TeamViewerENT.1 a backdoor Trojan is the latest to load genuine Team Viewer components onto target systems to aid in monitoring potentially victimized end-users. The discoverer of the malware, Dr Web says its existence and evolution dates since 2011 and the malware is described as SpyAgent.

Similar as the earlier variant BackDoor.TeamViewer.49, the current one BackDoor.teanViewerENT.1 contains several components. But the two have a difference. The earlier used Team Viewer for installing certain malevolent library onto the target PC's memory, whereas the current variant employs Team Viewer for spying on end-users.

While BackDoor.TeamViewer.49 had no function of stealing data, the BackDoor.TeamViewerENT.1 has the capability for stealing data in addition to spying on users' activity.

Indeed, both variants of the Trojan appear as inter-related as the two utilize Team Viewer software's stripped-down editions where they load a malevolent one in place of a DLL file named avicap32.dll. This malevolent edition plants the Trojan's actual payload.

After getting installed, the backdoor turns off alerts regarding errors so that Team Viewer's installation process may begin. It also adds its payload files as well as Team Viewer files that are attributed as "read only," "hidden" and "system." After this it records calls that ask to have Team Viewer work along with many computer functions. Incase Team Viewer's operation isn't possible for want of particular components/files then the Trojan contacts its CnC (command-and-control) infrastructure for providing them.

Soon as the new variant begins operating, the avicap32.dll gets automatically loaded. Attackers altered this library file so as for incorporating the BackDoor.TeamViewerENT.1 that's uploaded onto the infected PC's memory devoid of requirement of any further files for functioning, which makes detection of the Trojan difficult.

Having contacted the CnC system, BackDoor.TeamViewerENT.1 executes tasks such as shutting down or restarting the host PC, hearing audio from the microphone, and watching the webcam all letting the attackers monitor end-users' activities, grab their private data and/or plant more malware. Scmagazine.uk.com posted this, August 16, 2016.

According to Doctor Web, the Trojan's activities were particularly prolific in Russia; however, it targeted end-users in USA, Spain and UK too. The attacks gradually became prominent in USA during August 2016.

» SPAMfighter News - 8/23/2016

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page