It’s been a while since I’ve talked about any of the viruses tearing up the Internet, and there have been some really interesting ones out there. In the past month and a half I’ve seen two very unique viruses in particular that I’ve wanted to write about. The “JPEG of Death” and the “Rbot-GR” are not very widespread or overly dangerous, but they are pioneers of a sort. The JPEG of Death exploits a vulnerability in certain Windows platforms and suites through JPEG files. The Rbot-GR is more of a typical backdoor worm, with the ability to take control of any microphone and webcam connected to the infected PC.
This week I’ll talk about the W32Rbot-GR, which is one of at least a hundred known variants of the Rbot worm. The Rbot-GR was discovered by Sophos (an antivirus company) in late August of this year. The Rbot worms are backdoor Trojans: upon successful infection they open a “backdoor” on the infected PC through which the hacker/creator can access it. Once this is done, the hacker can initiate more harmful activities such as Distributed Denial of Service (DDoS) attacks, key logging, and sending e-mail. These worms can even scan your system for important passwords, account information, and the registration numbers of any games installed on your PC (43 game titles to date are affected, including Battlefield 1942, Unreal Tournament 2004, and Counter Strike). In addition to all of these wonderful features, the W32Rbot-GR has the ability to capture input from the microphone and webcam connected to your PC.
When a hacker takes control of the microphone on your PC, they can record what you thought were private conversations. How about the PC you may have in your kid’s bedroom with the webcam installed? Besides a small “On” light that some webcams have, there is nothing to let you know that a “Peeping Tom” is recording moments you thought were private. With the number of broadband (always-on connection) subscribers growing and webcams and mics so inexpensive, it’s not hard to imagine the magnitude of the problem if the Rbot-GR became widely distributed. This isn’t the first virus able to capture media input, but this version can replicate through network shares. Spreading through the network can potentially give hackers control of inadequately protected networks.
The Rbot-GR has had relatively low distribution so far, but this is code that could very likely become a normal part of the hacker’s arsenal. The best way to avoid infection? You guessed it: stay up to date on your antivirus software, set correct firewall settings, and don’t download content from unfamiliar sites. Another thing you might want to consider is unplugging your webcam and mic when you’re not using them. If you become infected, you can find removal instructions at http://www.sophos.com/
Now that everyone is feeling thoroughly violated, just wait ’til next week when I talk about Virus JPEGs.
Stay safe out there.