A backdoor Trojan named BackDoor.TeamViewer has been causing numerous problems to computer users. Malware analysts in Russia discovered BackDoor.TeamViewer on the Dark Web. According to their reports, the creators of BackDoor.TeamViewer claim that BackDoor.TeamViewer will install the application TeamViewer on the computers it infects. BackDoor.TeamViewer allows con artists to use the infected computer system as a proxy server effectively, relying Web traffic from the infected computer to other servers on the Web. There are numerous ways in which BackDoor.TeamViewer could be used to carry out the con artist activities. Being able to use an affected computer this way can enable con artists to become anonymous on the Internet much more effectively, allowing their involvement in illicit activities that can range from money laundering to distribution of child pornography. BackDoor.TeamViewer also allows con artists to enter a computer undetected, making the affected computer vulnerable to additional attacks.
The Elaborated Attack of BackDoor.TeamViewer
BackDoor.TeamViewer was first discovered in early May. According to their reports, BackDoor.TeamViewer was being distributed through a complex attack that involved multiple stages and components. The initial BackDoor.TeamViewer infection occurs through a corrupted, fake update for Adobe Flash Player (a common tactic for distributing threats that have been used for quite a long time). This first contact with the attack exposes the affected computer to a threat dropper named Trojan.MulDrop6.39120, which is bundled along with this Adobe Flash Player updater. When computer users install the Flash Player update, they will install a legitimate copy of Adobe Flash Player, but they will also install the Trojan dropper, which proceeds to install BackDoor.TeamViewer on the victim's computer.
How BackDoor.TeamViewer may be Used by Con Artists
TeamViewer used in this context is not a new type of attack. However, in these attacks, BackDoor.TeamViewer is not being used to take over the infected computer to collect data or control the computer user's activity. In fact, computer users may not even notice that BackDoor.TeamViewer has been installed on their machines. BackDoor.TeamViewer runs avicap32.dll on the operating system memory, and when combined with auto-run functions and a hidden icon, it is difficult to be spotted on an infected computer. After this version of BackDoor.TeamViewer has been installed on the victim's computer, it connects to its Command and Control server via an encrypted connection to receive orders.
The analyzed versions of BackDoor.TeamViewer in connection with these attacks operate as Web proxies, receiving traffic from the Command and Control server and then sending it to other servers on the Internet. This masks the con artists' real IP address since anyone monitoring the traffic on the website's side would see the connection as coming from the victim's computer rather than from the con artists.'
How to Protect a Computer from BackDoor.TeamViewer and Similar Attacks
The real issue when dealing with BackDoor.TeamViewer is preventing its initial installation. Computer users are urged to avoid installing Adobe Flash Updates from dubious sources. Once BackDoor.TeamViewer has been installed, con artists can carry out all sorts of activities on the infected computer and, even if this version of the attack is being used to create Web proxies, BackDoor.TeamViewer could also be used to collect and manipulate data on the victim's computer. Apart from being more careful with content downloaded online, malware analysts strongly advise computer users to protect their computers with a reliable, fully updated anti-malware program to prevent future attacks. If you believe that your machine has been infected with BackDoor.TeamViewer, it is important to perform an in-depth scan and uninstall any unwanted components, such as the TeamViewer application.
This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.