New SpyEye plugin takes control of crimeware victims' webcam and microphone

Summary: Security researchers from Kaspersky have profiled a new SpyEye plugin known as flashcamcontrol.dll which takes control of the victim's webcam and microphone.

Security researchers from Kaspersky have profiled a new SpyEye plugin known as flashcamcontrol.dll.

What does it do? Basically, it modifies an infected host's Flash permissions, giving cybercriminals the opportunity to control the webcam and the microphone of infected victims.

More details:

If an infected user visits the site of a specified bank and the browser processing the page requests a flash-document via a link from the first column, the webfakes.dll plugin (which runs in a browser context) detects that request and replaces it with an address from the second column – an address controlled by the intruders. As a result, the browser will load a malicious document from the intruder’s server (statistiktop.com) instead of a flash document from the bank site.

It turned out that both flash documents merely create a window with a picture from the webcam. One of them sends a video stream to the intruder’s server.
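A defender-side check for the substitution described above, as an added example that is not part of the original article or of Kaspersky's analysis: it scans web-proxy logs for Flash documents fetched from a host outside a site's allowlist while the client is on that site. The log format, the `.example` host names, the allowlist and the 30-second window are assumptions constructed for illustration; a missing Referer (as when an HTTPS page pulls an HTTP resource) is handled by time correlation.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumption: monitored site -> hosts allowed to serve its Flash content.
ALLOWED_SWF_HOSTS = {"bank.example": {"bank.example", "static.bank.example"}}
WINDOW = timedelta(seconds=30)  # correlation window used when no Referer is sent

# Constructed log lines: time, client IP, URL, Referer ("-" if absent), content type
SAMPLE_LOG = """\
2012-05-21T09:14:02 10.0.0.15 https://bank.example/login - text/html
2012-05-21T09:14:03 10.0.0.15 https://static.bank.example/cam/verify.swf https://bank.example/login application/x-shockwave-flash
2012-05-21T09:20:10 10.0.0.22 https://bank.example/login - text/html
2012-05-21T09:20:11 10.0.0.22 http://swf-host.example/verify.swf - application/x-shockwave-flash
2012-05-21T09:31:40 10.0.0.30 http://games.example/play.swf http://games.example/ application/x-shockwave-flash
2012-05-21T09:40:00 10.0.0.41 https://bank.example/login - text/html
2012-05-21T09:40:01 10.0.0.41 https://other-host.example/v.swf https://bank.example/login application/x-shockwave-flash
"""

def is_flash(url, ctype):
    """True if the response is a Flash document by content type or file extension."""
    return (ctype == "application/x-shockwave-flash"
            or urlsplit(url).path.lower().endswith(".swf"))

def find_foreign_swf(log_text):
    """Return (time, client, swf_host, site, reason) for each suspicious Flash load."""
    last_visit = {}  # (client, site) -> time of the last page load on a monitored site
    alerts = []
    for line in log_text.splitlines():
        ts, client, url, referer, ctype = line.split()
        when = datetime.fromisoformat(ts)
        host = urlsplit(url).hostname
        if not is_flash(url, ctype):
            if host in ALLOWED_SWF_HOSTS:
                last_visit[(client, host)] = when
            continue
        ref_host = urlsplit(referer).hostname if referer != "-" else None
        for site, allowed in ALLOWED_SWF_HOSTS.items():
            if host in allowed:
                continue  # Flash served from a host the site is known to use
            seen = last_visit.get((client, site), datetime.min)
            if ref_host == site:
                alerts.append((ts, client, host, site, "referer"))
            elif ref_host is None and when - seen <= WINDOW:
                alerts.append((ts, client, host, site, "time-window"))
    return alerts

if __name__ == "__main__":
    for alert in find_foreign_swf(SAMPLE_LOG):
        print(alert)
```

The time-window rule trades precision for coverage, so its alerts are leads for review on the endpoint rather than proof of infection.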

It appears that someone is experimenting, with long-term ambitions on their mind. Face recognition for online banking as a concept has been around for years; however, financial institutions globally have failed to implement the solution on a large scale. Personally, I believe that facial recognition as a value-added protection mechanism is a futile attempt to prevent a successful crimeware attack on the infected host.

Taking into consideration the fact that on the majority of occasions users don't know that they're infected with crimeware, a visual representation of the fact that a particular end user is indeed in front of the computer wouldn't change this. And now cybercriminals have developed an efficient way to undermine the facial recognition process with ease.

This latest development once again proves that cybercriminals are steps ahead of the security industry, and will continue to innovate in an attempt to increase their fraudulently obtained revenues.

Find out more about Dancho Danchev at his LinkedIn profile, or follow him on Twitter.

Topics: Browser

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community...
