[ISN] Meet the Peeping Tom worm

InfoSec News isn at c4i.org
Tue Aug 24 02:38:40 EDT 2004


By John Leyden
23rd August 2004 

A worm that has the capability to use webcams to spy on users is
circulating across the Net.

Rbot-GR, the latest variant of a prolific worm series, spreads via
network shares, exploiting a number of Microsoft security
vulnerabilities to drop a backdoor Trojan horse program on vulnerable
machines as it propagates. Once a backdoor program is installed on a
victim's PC it's game over and an attacker can do whatever takes their
fancy. But Rbot-GR comes pre-loaded with functionality specifically
designed to control webcams and microphones. Other variants of the worm
do not come with this "Peeping Tom" routine, according to AV firm

"If your computer is infected and you have a webcam plugged in, then
everything you do in front of the computer can be seen, and everything
you say can be recorded," said Graham Cluley, senior technology
consultant for Sophos. "It would be like having a regular web cam
conversation except you wouldn't know you're taking part in it."

Aside from its voyeuristic behaviour, the Trojan component of the worm
will attempt to steal registration information for games and PayPal
passwords from infected machines. It's a thoroughly nasty piece of
code so it comes as some relief that Rbot-GR isn't particularly
widespread. Sophos has received only a handful of reports about the
worm and most vendors rate it as a medium-risk threat. As usual,
Rbot-GR is a Windows-only menace.
