[colug-432] TeamViewer

Angelo McComis angelo at mccomis.com
Fri Nov 1 11:50:44 EDT 2013


Rick,

The problem with TV is not that it's a bad application, just that it has so
much control, and it can be used for bad, as well as for good.  The popular
attack is to patch TV in memory, thus leaving no trace that malware is
present, and forensically, there's nothing on disk to track down.
Accordingly, as a "rat" (remote access tool), since it's using software
already on a system, it's therefore rather stealthy.

Agree about VNC, being that it feels safer in current implementation.

A


On Fri, Nov 1, 2013 at 11:25 AM, Rick Troth <rmt at casita.net> wrote:

> FYI, TeamViewer may provide an attack vector.
>
> I installed TeamViewer (on OpenSUSE).  This is a popular desktop sharing
> tool with broad platform coverage.  One of my team-mates was using it and
> we have regular need to do DT sharing with customers.  (There are other
> tools/methods we use, but like I said ... TV is popular with some.)
>
> Then I happened to notice an unexpected TCP connection.  It traced back to
> TeamViewer (their servers).  Not good!  I found the TV processes running,
> killed them, removed the files, and deleted the package.  (Less emotion
> might have left more stuff for forensics, but I do have a backup of some of
> that.)
>
> A little Googoo gruntwork turns up ... yes ... TV is used by the bad
> guys.  I am omitting some details.  Anyone know more about it and care to
> share?  In any case, *you have been warned*.
>
> To date, the safest desktop sharing tool in my doctor's bag is VNC.  It
> instantiates a virtual desktop to which applications voluntarily connect.
> Yes, you *can* use VNC to hit the physical display/keyboard, and for all I
> know that is more popular now.  But traditionally VNC was virtual by
> default (and nicely boxed).
>
> -- R; <><