Webcam logger interception by CFP and GesWall

Discussion in 'other anti-malware software' started by aigle, Apr 14, 2009.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Zemana has a test application to check for webcam logging, and I read that there are POCs/trojans that can capture and transfer webcam images from a victim PC.

    I have tried to add this feature via custom rules in GesWall and CIS. I am not sure how well this rule will work and what potential issues it might cause.

    1- In CIS I added \Device\usb* in my protected files and it successfully blocks the webcam logger, Yahoo Messenger's webcam access and the webcam logger trojan's webcam access.


    2- In GesWall I added a new rule in Resources:

    Security Class : Confidential
    Resource Type : Device
    Resource Name : \Device\usb

    It's intercepting Webcam logger and Yahoo Messenger's webcam access.

    What problems can be created by these custom rules, I am not sure. Can anyone suggest? I tried my USB mouse and USB memory stick and grossly did not get any troubles/pop-up alerts due to these rules.

    Thanks

     
  2. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Hi,

    Thank you aigle for your hints.

    OA paid intercepts this logger by default


    Regards,

    MaB
     
  3. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    Did the rule for GW interfere with printing?
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Nice to see. :thumb: Thanks

    Was it added recently? I remember not long ago Mike said they are not interested in it.
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I don't know really.
     
  6. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Weeks ago, since early 3.1 beta if I am not wrong, aigle

    MaB
     