Webcam logger interception by CFP and GesWall

Discussion in 'other anti-malware software' started by aigle, Apr 14, 2009.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Zemana has a test application to check for web cam logging and I read that there are POCs/ trojans that can capture and transfer webcam images from a victim PC.

    I have tried to add this feature via custom rules in GesWall and CIS. I am not sure how good this rule will work and what potential issues it might cause.

    1- In CIS I added \Device\usb* in my protected files and it successfully blocks web cam logger, yahoo messenger,s web cam access and web cam logger trojan,s web cam access.


    2- In GesWall I added a new rule in Resources:

    Security Class : Confidential
    Resource Type : Device
    Resource Name \Device\usb

    It,s intercepting Webcam logger and YAhoo messenger,s web cam access.

    What can be the problems created by these custom rules, I am not sure. Anyone can suggest? I tried my USB mouse and USB memory stick and grossly did not get any troubles/ pop up alerts due to these rules.

    Thanks

    1.jpg
    2.jpg
    3.jpg
    4.jpg
     
  2. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Hi,

    Thank you aigle for your hints.

    OA paid intercepts this logger by default

    Sans titre.jpg

    Regards,

    MaB
     
  3. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    Did the rule for GW interfere with printing?
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Nice to see. :thumb: Thanks

    Is it added recently? I remember not long ago Mike said they are not interestred in it.
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I don,t know really.
     
  6. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Weeks ago since early 3.1 beta if i am not wrong, aigle

    MaB
     
Loading...
Thread Status:
Not open for further replies.