New SpyEye plugin takes control of crimeware victims' webcam and microphone

New SpyEye plugin takes control of crimeware victims' webcam and microphone

Summary: Security researchers from Kaspersky have profiled a new SpyEye plugin known as flashcamcontrol.dll which takes control of the victim's webcam and microphone.

SHARE:
TOPICS: Browser
6

Security researchers from Kaspersky have profiled a new SpyEye plugin known as flashcamcontrol.dll.

What does it do? Basically, it modifies an infected host's Flash permissions, allowing cybercriminals the opportunity to control and webcam and the microphone of the infected victims.

More details:

If an infected user visits the site of a specified bank and the browser processing the page requests a flash-document via a link from the first column, the webfakes.dll plugin (which runs in a browser context) detects that request and replaces it with an address from the second column – an address controlled by the intruders. As a result, the browser will load a malicious document from the intruder’s server (statistiktop.com) instead of a flash document from the bank site.

It turned out that both flash documents merely create a window with a picture from the webcam. One of them sends a video stream to the intruder’s server.

It appears that someone is experimenting, with long-term ambitions on their mind. Face recognition for online banking as a concept has been around for years, however, financial institutions globally have failed to implement the solution on a large scale. Personally, I believe that facial recognition as a value-added protection mechanism is a futile attempt to prevent a successful crimeware attack on the infected host.

Taking into consideration the fact that on the majority of occasions users don't know that they're infected with crimeware, a visual representation of the fact that a particular end user is indeed in front of the computer wouldn't change this. And now cybercriminals have developed an efficient way to undermine the facial recognition process with ease.

This latest development once again proves that cybercriminals are steps ahead of the security industry, and will continue to innovate in an attempt to increase their fraudulently obtained revenues.

Find out more about Dancho Danchev at his LinkedIn profile, or follow him on Twitter.

Topic: Browser

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

6 comments
Log in or register to join the discussion
  • spy cam

    Similar remote camera and microphone virus like applications have been around for years, but used for a different purpose.
    Ladies (and gents???) how many of you leave the lid of your laptop open and switched on while getting dressed or undressed in the background???.. I have always put a small piece of tape over the camera on any laptop I use when it is not in use, and tell others to do the same. There is probably a highly secret site which has been around for years that is dedicated to showing these clips. Maybe somebody would like to share the link here, thought not??????(grin)
    ronangel
  • Kaspersky Again?

    I see that ZDNet makes a lot of references to Kaspersky. Do you guys have a business contract with them? If yes, is that honorable "journalism" on ZDNet's part?
    Eleutherios
  • Virus-Proof you PC to avoid all these malware.

    You can Prevent Installation of such malware by Virus-Proofing you Systems. NashWall can prevent all kinds of Unauthorized Installations. Get a Free Copy at www.nashwall.com
    NarenNash9
  • Kaspersky again ?

    Interesting that Kaspersky always seem to "discover" the more recent malware.
    Could they be involved or an insider ?
    NotM$Sucked
  • Kaspersky

    You know I have tried Kasperky's products and to be honest, I wasnt that impressed. I like other products a lot better. Also it's a proven fact that most of the malware comes out of the country where Kaspersky is based.
    muttjp
  • camJAMR's are the new way to protect yourself!

    The only way to protect your privacy is by covering your webcams... Do it with style.

    Check this video out and others on our blog

    http://camjamr.com/index.php/blog/recent-news

    http://video.foxnews.com/v/1519044438001/are-you-being-spied-on-through-your-electronicsl
    camJAMR