This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects Backdoor.Teambot communicating and requesting information from its controlling server.
When executed, the threat creates the following files:
Next, the threat creates the following registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"sv?host" = "%Windir%\svchost.exe"
HKEY_CURRENT_USER\Software\WinRAR SFX\"C%%WINDOWS" = "%SystemDrive%\WINDOWS"
HKEY_CURRENT_USER\Software\WinRAR SFX\"C%%WINDOWS%log" = "%Windir%\log"
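The registry entries above are the indicators a responder can check on a suspect host. The following PowerShell script is an added example, not part of the original advisory: it reads the current user's hive and reports any of the listed values. The key paths and value names are taken from the advisory; the "?" in "sv?host" is treated as a single-character wildcard because that is how the page shows it, and the on-disk check for %Windir%\svchost.exe is derived from the Run value's data rather than from a file list on the page.

```powershell
# Added example (not from the advisory): look for Backdoor.Teambot registry
# indicators in HKCU and report them in a defender-friendly table.

$findings = @()

# 1. Persistence entry under the user's Run key. The page shows the value
#    name as "sv?host"; "?" is used here as a one-character wildcard.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
if (Test-Path $runKey) {
    $run = Get-ItemProperty -Path $runKey
    foreach ($prop in $run.PSObject.Properties) {
        if ($prop.Name -like 'sv?host' -and "$($prop.Value)" -like '*\svchost.exe') {
            # The genuine svchost.exe lives in %Windir%\System32; a Run value
            # pointing at %Windir%\svchost.exe (as in the advisory) is suspect.
            $findings += [pscustomobject]@{ Key = $runKey; Name = $prop.Name; Value = $prop.Value }
        }
    }
}

# 2. Self-extractor markers under HKCU\Software\WinRAR SFX, as listed above.
$sfxKey = 'HKCU:\Software\WinRAR SFX'
if (Test-Path $sfxKey) {
    $sfx = Get-ItemProperty -Path $sfxKey
    foreach ($name in @('C%%WINDOWS', 'C%%WINDOWS%log')) {
        $p = $sfx.PSObject.Properties[$name]
        if ($null -ne $p) {
            $findings += [pscustomobject]@{ Key = $sfxKey; Name = $name; Value = $p.Value }
        }
    }
}

# 3. The dropped binary the Run value points at (path taken from the Run
#    value data on the page, not from a file list).
$dropped = Join-Path $env:WINDIR 'svchost.exe'
if (Test-Path $dropped) {
    $findings += [pscustomobject]@{ Key = 'filesystem'; Name = 'svchost.exe outside System32'; Value = $dropped }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Backdoor.Teambot registry or file indicators found for the current user.'
} else {
    $findings | Format-Table -AutoSize
}
```

Run the script in the context of the user account under investigation, since the entries live in HKEY_CURRENT_USER rather than HKEY_LOCAL_MACHINE; for other accounts, load their NTUSER.DAT hive and adjust the key paths accordingly.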
The threat uses modified code from Team Viewer (which is a legitimate application), which provides a remote connection to the server. The servers also have Team Viewer running on their machine to complete the connection. This gives the attackers the ability to execute various commands on the infected host, for example:
Force a reboot
Download malicious files
Create and delete files and folders