LG Tips & Tricks: Backdoor uses TeamViewer to spy on victims

  • 1
  • Idea
  • Updated 2 years ago
  • (Edited)
TeamViewer software allows you to remotely access and control any PC or server.

LANGuardian can detect TeamViewer clients through Snort signatures. The LANGuardian Intrusion Detection System (IDS) contains signatures to report on and detect any TeamViewer clients activity on the network.

Is TeamViewer an approved application for use on your network?



It is important to also note that TeamViewer components have been used in backdoor attacks. If a system legitimately uses TeamViewer, you can tune it out so that it will be easier to identify new installs of the application

I was on a customer's system earlier this week, and I detected some TeamViewer activity which no doubt was legitimate; I came across this article below since which gives some additional food for thought on this topic.  

https://www.helpnetsecurity.com/2016/08/23/backdoor-uses-teamviewer/

Furthermore, TeamViewer can be used as an attack vector for Ransomware. While phishing emails are the most common way Ransomware can get into a network, there are also other attack vectors. This post below makes some interesting reading, as it gives some detail on how a TeamViewer client was used to infect a PC.  

https://www.reddit.com/r/sysadmin/comments/4nha4n/new_ransomware

Should you have any questions on any aspect of LANGuardian, please feel free to contact us at any time on support@netfort.com
Photo of Aisling Brennan

Aisling Brennan, Official Rep

  • 390 Posts
  • 8 Reply Likes

Posted 2 years ago

  • 1

Be the first to post a reply!