Sometimes a wrench is just a wrench... until it's a bomb
TeamViewer, a great tool for fixing things...
till it's a hacking tool
The TeamViewer application is an awesome tool that allows network administrators to fix problems remotely. Since the inception of it and similar tools, individuals have been able to use remote diagnostic and repair tools to address problems without having to leave their desks. This has led to the IT field having remote centers that can even remove rootkit viruses from computers remotely. Recently, however, a new use for TeamViewer has appeared.
From: http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/240151544/how-teamspy-turned-legitimate-teamviewer-app-into-cyberespionage-tool.html
TeamSpy is a cyberespionage operation targeting government agencies, businesses, and activists that may stretch back as far as roughly a decade. Many of its victims appear to be from Europe. The crew took advantage of the functionality of the TeamViewer application, which is used for remote control, Web conferencing, desktop sharing, online meetings, and transferring files between computers. The malware installs a version of TeamViewer on infected systems. The attackers then extend TeamViewer's functionality to provide additional stealth, dynamically patching it in memory to remove indications of its presence.
This attack allows for complete remote access to and control of individuals' computers. The computer can then be used to remotely access other computers on the network and infect them. This attack was extremely successful in Eastern Europe. Since then, many organizations have asked, "What can I do about this?"
From: http://www.securelist.com/en/blog/208194185/The_TeamSpy_Crew_Attacks_Abusing_TeamViewer_for_Cyberespionage
1. Scan for the presence of the “teamviewer.exe” application.
2. Block access to the known command-and-control domains and IP addresses. (see our full technical paper)
3. Implement a rigid patch-management plan throughout the organization. This operation includes the use of popular exploit kits that target known desktop software security vulnerabilities.
But this doesn't solve how to fix this for agencies that actually USE the TeamViewer software program currently. What do these organizations do? This tool is a crucial part of their infrastructure. Unfortunately, I don't see a solution coming soon, until TeamViewer patches their software.
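As an added example (not code from this post or from the quoted sources), step 1 of the list above can be scripted so that it also stays useful on networks that run TeamViewer legitimately: every copy of the file is reported with its hash, and copies outside the directories where IT installed it are marked for review. The `sanctioned_dirs` allowlist is an assumption of this sketch, not a property of the TeamSpy malware described above, and the sample directory names are constructed.

```python
import hashlib
import os
import tempfile

TARGET = "teamviewer.exe"  # file name from step 1 of the list above

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def inside(path, root):
    # True if path lies under root; normcase makes this case-insensitive on Windows.
    p = os.path.normcase(os.path.realpath(path))
    r = os.path.normcase(os.path.realpath(root))
    return p == r or p.startswith(r.rstrip(os.sep) + os.sep)

def scan(roots, sanctioned_dirs=()):
    """Walk roots and return one finding per file named teamviewer.exe."""
    findings = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
            for name in files:
                if name.lower() != TARGET:
                    continue
                path = os.path.join(dirpath, name)
                try:
                    digest = sha256_of(path)
                except OSError:
                    digest = None  # locked or unreadable: still report the path
                ok = any(inside(path, d) for d in sanctioned_dirs)
                status = "sanctioned" if ok else "unexpected"
                findings.append({"path": path, "sha256": digest, "status": status})
    return findings

def demo():
    # Constructed sample tree; the directory names are hypothetical.
    with tempfile.TemporaryDirectory() as top:
        good = os.path.join(top, "Program Files", "TeamViewer")
        odd = os.path.join(top, "Users", "alice", "AppData", "Roaming", "cache")
        for d, n in ((good, "TeamViewer.exe"), (odd, "teamviewer.exe")):
            os.makedirs(d)
            with open(os.path.join(d, n), "wb") as f:
                f.write(b"constructed placeholder, not a real binary")
        return sorted(f["status"] for f in scan([top], [good]))

if __name__ == "__main__":
    print(demo())
```

A "sanctioned" result only means the file sits where the organization expects it; comparing the reported hash against the installer the organization deployed is a further check the script leaves to the operator.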