iondjp

EAM and Camera Hijack

Recommended Posts

I received an email stating that my laptop camera had been hi-jacked. The email had been labelled Junk mail and was disabled. I am almost certain that it is phishing attempt, but more than one person uses this laptop so who knows.

In any case, it raises a few general questions about Emsisoft Anti-Malware.

  1. Is it possible for a rogue video to actually install something on the machine, or would EAM and Windows Firewall protect from that?
  2. If it was possible, would EAM scan be sufficient to find it?
  3. Would EAM behaviour blocker protect against it's operation?
  4. Is there more I should do at this stage?

As usual....thanks in advance.

Share this post


Link to post
Share on other sites

Hello,

Thank you for contacting us about this issue. Please feel free to forward the email to [email protected] Most likely this is a malicious email.

As for your questions:

1: Yes, you would be protected from that by EAM.

2: No, realtime protection would have blocked it, either via the file guard or behavior blocker. However you can always run a scan to doublecheck.

3: Yes.

4: No, you can just trash the mail or forward it to us (and then trash it).

 

 

Share this post


Link to post
Share on other sites

Regarding question 1, are there forms of video file that can do that with generic players?  I would have hoped such an attack would require a matching exploit in a specific player.

Regarding question 2, I'm sure I read recently that EAM doesn't examine the content of large files, so wouldn't a scan be likely not to detect a problem?

Share this post


Link to post
Share on other sites

The hijacking aside, you need to have traffic back to the attacker, which would be detected in any case. And unless someone tricks you in installing something to capture your camera input to send it their way (which would be a legitimate program, which you clearly have to install manually and configure) the attack itself would be intercepted as well.

 

Larger files may always not be scanned by the file guard, but they are monitored by the behavior blocker, so that is not an issue.

Share this post


Link to post
Share on other sites

> The hijacking aside...

Ok, but that's all about having one's own camera images stolen.  I was asking whether a downloaded - or worse, streamed - video could install something without the help of an exploited player.

 

Share this post


Link to post
Share on other sites

Theoretically that is possible yes, but then something would need to be installed on disk. And that would count as suspicious behavior.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.