UK security firm Sophos is warning computer users of a new worm with the ability to take over computers and view and capture images of victims through their own Web cameras. The worm, known as W32 Rbot-GR, spreads through network shares as opposed to e-mail, and installs what is known as a backdoor Trojan horse.
While the worm was not widespread, it does represent a trend toward spying on infected users and using Web cams to capture images, masquerade as another user or exploit children, according to experts.
Sophos senior technology consultant Graham Cluley told TechNewsWorld that the worm is highly sophisticated in many ways, including its network-based spread. But the most interesting aspect of the worm, he pointed out, is its ability to grab video and screen shots from infected machines and their Web cams.
“It exploits multiple Microsoft vulnerabilities and backdoors of previous worms, including MyDoom,” Cluley said. “We fully expect this to be seen in other worms and Trojans going forward.”
Along with an increasing number of software vulnerabilities, particularly in Microsoft’s Windows XP operating system that was recently updated for security with Service Pack 2, advances in worm writing technology and collaboration have allowed for more numerous and dangerous variants, Trojans and other malware.
Cluley said that the Web cam aspect might not be the central focus of worm writers, but he added that such features will probably be more common in viruses and worms in the future.
“Hackers will increasingly add this to their worms,” he said.
Cluley indicated there have been other Web cam Trojans in the past, but Rbot-GR is a worm capable of replicating itself.
“It’s trying to work on a much larger scale than a typical Trojan,” he said.
Curious About Compromise
The Rbot-GR worm might not be the first malicious code to take over Web cams, security experts agreed, but there is a growing trend whereby computer attackers are looking to spy on or become more familiar with the compromised machine and its user.
“[Attackers] are looking at where a computer is and looking at you,” Cluley said. “I think more and more of them will be curious to see who’s out there.”
Sophos indicated the worm could even lead to industrial espionage in the workplace and was the equivalent of a “Peeping Tom who invades your privacy” for the home user.
Cluley added that while there is a large population of computers that are regularly compromised, the real weak link is human beings who mistakenly link to malicious sites or run programs that they should not far too often.
Ken Dunham, director of malicious code intelligence for iDefense, told TechNewsWorld that there have been a number of Web cam Trojans in the past.
“The idea of using a Trojan to view a victim’s Web cam is not new at all,” Dunham said. “There are many different Trojans and Trojan types that give you that capability.”
Dunham — who referred to use of the method by pedophiles looking to view, obtain or trade images — said he does see Web cam exploits as a growing problem.
“Webcams and an increase in connectivity have led to this kind of exploitation — and it happens regularly,” he said.