Teamviewer vulnerable

**KarameaDave** · 23-03-2016, 11:57 AM

As a few on here are users of this, a heads-up is in order.

http://news.softpedia.com/news/surpr...s-502006.shtml

**Richard** · 23-03-2016, 11:59 AM

Thanks for the 'heads-up' Dave.

**1101** · 23-03-2016, 12:37 PM

or perhaps not

"As Surprise ransomware victims noticed that they all had TeamViewer installed, they went on to search TeamViewer's logs, and all discovered that someone accessed their computer via TeamViewer, downloaded the suprise.exe file (ransomware's payload), and then launched it into execution, encrypting their files"

So, it could be a hacker installed TV
It could be an email asking user to 'login' into TV a/c via a bogus weblink in the email
it could be user ran a TV support link , that belonged to a hacker
it could be TV password was obtained some other way, eg , common password, password store program hacked or accessed
etc etc

"(1) Up to now, none of the reported cases is based on a TeamViewer security breach" TV's response

**1101** · 23-03-2016, 12:40 PM

From the forum link
"You may want to plug your email into this site and see if your credentials were ever leaked: https://haveibeenpwned.com/"

"mmm Unfortunatly i have some email address affected"

There may be a genuine TV issue, but I wouldnt jump to conclusions , yet.

**KarameaDave** · 23-03-2016, 01:11 PM

Originally Posted by 1101

or perhaps not

"As Surprise ransomware victims noticed that they all had TeamViewer installed, they went on to search TeamViewer's logs, and all discovered that someone accessed their computer via TeamViewer, downloaded the suprise.exe file (ransomware's payload), and then launched it into execution, encrypting their files"

So, it could be a hacker installed TV
It could be an email asking user to 'login' into TV a/c via a bogus weblink in the email
it could be user ran a TV support link , that belonged to a hacker
it could be TV password was obtained some other way, eg , common password, password store program hacked or accessed
etc etc

"(1) Up to now, none of the reported cases is based on a TeamViewer security breach" TV's response

But TV is the common factor in this, Yes?

**1101** · 23-03-2016, 01:50 PM

Originally Posted by KarameaDave

But TV is the common factor in this, Yes?

Yep.
But nothing is proven, one way or the other, yet. A bit of caution never hurts, but surely we arnt at panic mode yet ?

I wonder, does TV have build in protection against brute force attacks ? Will TV drop/block attempts to connect after
too many wrong password attempts . Is this sort of thing recorded at TV's server (should be , surely)

If TV was compromised, why did they not pick the corporate or rich clients to hack into first ? That would have been the best pickin .

**KarameaDave** · 23-03-2016, 02:05 PM

No panic here, I don't use it.

I was merely trying to be helpful...

**pctek** · 23-03-2016, 02:47 PM

I've never liked using those things....leaves a bloody big hole in the users PC

**1101** · 24-03-2016, 10:08 AM

Originally Posted by KarameaDave

No panic here, I don't use it.

I was merely trying to be helpful...

I appreciated the heads up, but Id bet theres more to the story
Perhaps they were all the type of user that goes to 'certain' websites . All links & all instances of this (I could find) point back to that forum & only users in that forum (that I could find)

I never install TV & leave it running (unattended access mode).
No need to, just leave the TV exe on the desktop, get the user to run it in "run only " mode when its needed. When finished, TV closes .

Its the cheaper clones of TV that make me nervous , they are a bargain price but could never bring myself to trust them .