Tuesday, 21 June 2016

Turn Your PC Into A Web Proxy By Windows Trojan Using TeamViewer




BackDoor.TeamViewer.49 is a backdoor trojan found by Russian security vendor Dr.Web, which says it installs the TeamViewer application on affected computers so that it can relay web traffic from the attackers to other servers on the Internet, effectively using the host as a proxy server.


Dr.Web researchers, together with security experts from Yandex, first discovered the trojan at the start of May. It is distributed through a complex multi-stage mechanism.
Infection begins with an infected Adobe Flash update package.

Users are not infected with BackDoor.TeamViewer directly. They are first infected by a malware dropper called Trojan.MulDrop6.39120, which Dr.Web says is spread online together with an Adobe Flash Player update package.

When users install this malicious Flash Player update, they get a genuine Flash version, but the files also contain the Trojan.MulDrop6 trojan, which secretly installs TeamViewer on the victim's computer.

Abusing TeamViewer on affected devices is not something new, but here the attackers do not use it to log into the victim's PC and take control of the device. Dr.Web says that TeamViewer is used for something else.

Attackers do not steal anything from affected devices.

Attackers swapped TeamViewer's avicap32.dll file with a malicious version that contains the BackDoor.TeamViewer trojan. Since TeamViewer loads avicap32.dll into memory each time it runs, the attackers only needed to add auto-run functions to TeamViewer and make sure that the app's icon is hidden from the Windows notification area.
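One way a defender could detect the avicap32.dll swap described above, as an added example that is not from Dr.Web or the original post: it scans image-load events for a system-named DLL loaded from outside the Windows system directories. The field names follow Sysmon's image-load event (ID 7); the sample events, paths and function names are constructed for illustration.

```python
import ntpath

# DLL names that normally exist only in the Windows system directories.
# avicap32.dll is the one named in the article; extend the set as needed.
SYSTEM_DLLS = {"avicap32.dll"}

# Assumed default locations of legitimate copies on a standard install.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")


def is_sideloaded(event):
    """True if a system-named DLL was loaded from outside the trusted directories."""
    # normpath collapses "..\" tricks; lower() handles case-insensitive paths.
    loaded = ntpath.normpath(event["ImageLoaded"]).lower()
    if ntpath.basename(loaded) not in SYSTEM_DLLS:
        return False
    folder = ntpath.dirname(loaded)
    return not any(folder == d or folder.startswith(d + "\\") for d in TRUSTED_DIRS)


def find_sideloads(events):
    """Return (process, dll, signed) for every suspicious load."""
    return [(e["Image"], e["ImageLoaded"], e.get("Signed", "unknown"))
            for e in events if is_sideloaded(e)]


# Constructed sample events (not real telemetry, not from the article).
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files (x86)\TeamViewer\TeamViewer.exe",
     "ImageLoaded": r"C:\Windows\SysWOW64\avicap32.dll", "Signed": "true"},
    {"Image": r"C:\Users\alice\AppData\Roaming\tv\TeamViewer.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Roaming\tv\avicap32.dll", "Signed": "false"},
    {"Image": r"C:\Users\alice\AppData\Roaming\tv\TeamViewer.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Roaming\tv\helper.dll", "Signed": "true"},
    {"Image": r"C:\Tools\viewer.exe",
     "ImageLoaded": r"C:\Windows\System32\..\Temp\AVICAP32.DLL", "Signed": "false"},
]

if __name__ == "__main__":
    for process, dll, signed in find_sideloads(SAMPLE_EVENTS):
        print(f"suspicious load: {dll} by {process} (signed={signed})")
```

A hit is a lead to triage rather than proof of infection, since some software ships its own copies of system-named DLLs.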

After the criminals make all of the essential changes and TeamViewer is running, BackDoor.TeamViewer connects over an encrypted channel to the attackers' command and control server, where it waits for instructions.

Dr.Web says that in the malicious versions it analyzed, the trojan's main function was to act as a web proxy, taking the traffic it receives from the C&C server and relaying it to the Internet, effectively masking the attackers' real IP.

A TeamViewer spokesperson said, "While we will have to look closer into this matter, the real issue is the installation of a malware program. Once a system is infected, perpetrators can virtually do anything with that particular system - depending on how intricate the malware is, it can capture the entire system, seize or manipulate information, and so forth. So first and foremost, it is important that users protect their systems best they can by having proper anti-malware in place."
