Meet the Peeping Tom worm

Spy on the wire

By John Leyden • Get more from this author

Posted in Enterprise Security, 23rd August 2004 14:56 GMT

Free whitepaper – Extended Validation SSL Certificates

A worm capable of using webcams to spy on users is circulating across the Net.

Rbot-GR, the latest variant in the prolific worm series, spreads via network shares, exploiting a number of Microsoft security vulnerabilities to drop a backdoor Trojan horse program on vulnerable machines as it spreads. Once a backdoor program is installed on a victim's PC it's always game over - an attacker can do whatever takes their fancy. But Rbot-GR comes pre-loaded with functionality specifically designed to control webcam and microphones. Other variants of the worm do not come with this "Peeping Tom" routine, according to AV firm Sophos.

"If your computer is infected and you have a webcam plugged in, then everything you do in front of the computer can be seen, and everything you say can be recorded," said Graham Cluley, senior technology consultant for Sophos. "It would be like having a regular Web cam conversation except you wouldn't know you're taking part in it."

Aside from its voyeuristic behaviour, the Trojan component of the worm attempts to steal registration information for games and PayPal passwords from infected machines. It's a thoroughly nasty piece of code; so it comes as some relief that Rbot-GR isn't particularly widespread. Sophos has received only a handful of reports about the worm. Most vendors rate it as a medium-risk threat. As usual, Rbot-GR is a Windows-only menace. ®