The 37 year-old computer programmer from Madrid, who has only been identified by the initials J.A.S., allegedly wrote the virus and distributed it over a file sharing network. According to the Spanish Civil Guard, who have not yet revealed the name of the virus, the malicious program was disguised as a music or picture file.
The Spanish Civil Guard said in a statement that the matter was first brought to their attention in July 2004 when a user in Alicante found a suspicious file on his computer and reported it to the authorities. After analysing the file, Spanish police discovered that the virus was written in 2003 and at the time was not recognised by any of the popular anti-virus applications.
According to the statement, J.A.S.'s computer was seized and found to contain "hundreds of photographs and recordings". The Civil Guard suspects that "thousands of computers worldwide" were under the suspect's control.
Ben Guthrie, product marketing manager at Trend Micro, said that one of the first real "back-door" programs was called Back Orifice and released more than five years ago. Currently there are around 200 different pieces of malware that use P2P networks to find their victims' and they often target users that are not "technically competent", he said.
"The broadband explosion increased the use of P2P software by users that are not technically competent. It is quite likely that they put a lot of trust into the files listed by their P2P software. These types of malicious programs install silently so the user thinks that nothing has happened," said Guthrie.
Graham Cluley, senior technology consultant at Sophos, said he expects to see more viruses and Trojans that are designed to spy on "innocent home computer owners and poorly-protected businesses".
"With many home users keeping poorly-defended PCs in their bedroom, there is considerable potential for abuse. If you are in any doubt, unplug your Webcam when you're not using it," said Cluley.
Security experts recently warned that large companies should take care when using network webcams and Internet-based security cameras because if they are not properly secured they could be viewed by unauthorised sources.