The Register
By John Leyden
Published Monday 23rd August 2004 14:56 GMT
A worm that has the capability to using webcams to spy on users is circulating across the Net.
Rbot-GR, the latest variant of a prolific worm series, spreads via network shares, exploiting a number of Microsoft security vulnerabilities to drop a backdoor Trojan horse program on vulnerable machines as it propagates. Once a backdoor program is installed on a victim's PC it's game over and an attacker can do whatever takes their fancy. But Rbot-GR comes pre-loaded with functionality specifically designed to control webcam and microphones. Other variants of the worm do not come with this "Peeping Tom" routine, according to AV firm Sophos.
"If your computer is infected and you have a webcam plugged in, then everything you do in front of the computer can be seen, and everything you say can be recorded," said Graham Cluley, senior technology consultant for Sophos. "It would be like having a regular web cam conversation except you wouldn't know you're taking part in it."
Aside from its voyeuristic behaviour, the Trojan component of the worm will attempt to steal registration information for games and PayPal passwords from infected machines. It's a thoroughly nasty piece of code so it comes as some relief that Rbot-GR hasn't particularly widespread. Sophos has received only as handful of reports about the worm and most vendors rate it as a medium-risk threat. As usual, Rbot-GR is a Windows-only menace. ®
http://www.theregister.co.uk/2004/08/23/peeping_tom_worm/