[ISN] Banking malware spies on victims by hijacking webcams, microphones, researchers say

From: InfoSec News <alerts_at_private>
Date: Wed, 23 May 2012 06:34:56 -0500 (CDT)

By Lucian Constantin
IDG News Service
May 22, 2012

A new variant of SpyEye malware allows cybercriminals to monitor 
potential bank fraud victims by hijacking their webcams and microphones, 
according to security researchers from antivirus vendor Kaspersky Lab.

SpyEye is a computer Trojan horse that specifically targets online 
banking users. Like its older cousin, Zeus, SpyEye is no longer being 
developed by its original author, but is still widely used by 
cybercriminals in their operations.

SpyEye's plug-in-based architecture allows third-party malware 
developers to extend its original functionality, Kaspersky Lab malware 
researcher Dmitry Tarakanov said in a blog post on Monday. This is 
exactly what happened with the new webcam and microphone spying feature, 
which is implemented as a SpyEye plug-in called flashcamcontrol.dll, 
Tarakanov said.

As suggested by the DLL's name, the malware accesses these two computer 
peripherals by leveraging Flash Player, which has webcam and microphone 
control functionality built in.


LayerOne Security Conference
May 26-27, Clarion Hotel, Anaheim, CA
Received on Wed May 23 2012 - 04:34:56 PDT

This archive was generated by hypermail 2.2.0 : Wed May 23 2012 - 04:30:05 PDT