
New Trojan Abuses Popular Remote Control Software

Discussion in 'Security Updates' started by starbuck, Jan 17, 2011.

    Security researchers have identified a new trojan which incorporates the popular TeamViewer remote control software to allow fraudsters to perform unauthorized online banking transactions from infected computers.


    The piece of malware was discovered by experts from Group-IB while performing a forensic investigation on the systems of a defrauded Russian company.

    It was subsequently analyzed by security researchers from antivirus vendor ESET who call it Win32/Sheldor.NAD. Around half of antivirus engines on Virus Total currently detect the threat.

    The malware drops a backdoor component in the Windows directory along with a TeamViewer 5 server that it runs in console mode.

    TeamViewer (TV) is a free program commonly used for remote assistance and remote control of computers over the Internet.

    The inclusion of a TV server has a very precise purpose - bypassing the extra authentication mechanisms put in place by some banks.

    Many online banking systems build computer signatures, especially for business customers, and allow authentication from them.

    Under these circumstances, even if the login credentials get stolen, the thieves are unable to abuse them.

    To counter this, fraudsters have implemented remote control features into their malware. For example, the notorious ZeuS banking trojan integrates a VNC (Virtual Network Computing) module.

    "One component of TeamViewer is modified in order to inject code into tv.dll, communicating through the administrative control panel," David Harley, a senior research fellow at ESET, explains.

    Sheldor allows remote attackers to start a command line shell on infected computers, toggle monitoring on and off, log off the Windows user, power the system down and uninstall the bot.

    "[...] It's disquieting but not surprising to see widely-used remote access tools misused for criminal purposes," Mr. Harley says.

    In the past we have seen scareware programs integrate free file scanning tools from real vendors in order to increase their legitimacy.



    Source:
    http://news.softpedia.com/news/New-Trojan-Abuses-Popular-Remote-Control-Software-178489.shtml
     
    Last edited by a moderator: Feb 4, 2014
