Who is secretly starting your camera?

Source: Internet
Author: User

Text/image: erratic

We are certainly not unfamiliar with the word "peeping", but few people associate it with themselves, because no one believes this kind of thing will happen to them. However, peeping is not as far away from you as you might think. The birth of the Internet makes it easier for us to work and learn, and also makes our privacy more vulnerable to theft by hackers. A lot of videos are circulating on the Internet whose protagonists often do not know that they are being watched. As a result, some private content is recorded and exposed by hackers. Most of the victims are female. They can be peeped at even at home. This may sound like a tall tale, but it is actually trouble caused by cameras. When a camera is connected to a computer, the camera is in a working state. If a hacker intrudes into your computer, he can easily turn on your camera without your knowing it, and this is the beginning of the peeping ......

Black Hole Trojan, remotely enable the camera

Nowadays, Trojans are becoming more and more powerful and are no longer limited to remote control; many other functions have been developed. Among them, "remotely enable the camera" is currently a popular Trojan feature. Many Trojans have it, such as the well-known "gray pigeon" and "black hole" Trojans. These Trojans not only enable the user's camera remotely, but also use the camera as a monitoring device and save what it captures as a video. Many of the covertly recorded videos on the network are the work of Trojans with the "remotely enable camera" function.
The "black hole" Trojan is very powerful in camera monitoring. If a user runs the server of the "black hole" Trojan, the hacker can, with a few mouse clicks, remotely enable the user's camera and save the captured content as an Mpeg video file. Let's see how hackers remotely enable the camera.
Configure the camera monitoring function for Trojans
Run the "black hole" Trojan. The system configuration page is displayed. On the "Port" tab, enter a listening port of your choice, for example, 777. Then click the "test" button on the right to check whether the port is occupied by other applications. Switch to the "connection password" tab and enter the password for connecting to the zombie. Click "OK" to go to the software disclaimer. After you agree, you can go to the main software interface.
In the main interface, click the "file" menu and select "create DLL insert version server program". In the configuration window of the server program, switch to the "control options" tab and select "allow video monitoring". In this way, the generated server program can remotely open the user's camera and record from it. Switch to the "connection options" tab and fill in the IP address and port number of the target host in "fixed connection". This is the most basic forward connection method for Trojans. Of course, hackers may use other connection methods. For example, "black hole" provides up to four connection methods to ensure that hackers can connect to zombies correctly. We will not go into details here.
Figure 1. Enable video monitoring
Enter the zombie name in "online display name" and click "generate" to generate a Trojan server with the remote camera function enabled. Next, the hacker sends the Trojan to the target user and waits for the user to take the bait.
Enable camera remotely
After a user runs a "black hole" server, the hacker can connect to the user's computer through the "black hole" client program. After the connection is made, the user's computer appears in the main interface of "black hole". Select the connected user and click "video monitoring". The video monitoring window soon pops up. At this point the user's camera has been opened, and the user's every move is visible. To save the video, select the video size in the video monitoring window, select the "Save as Mpeg file" option, and click the "Start" button to start recording.
Figure 2. Start video monitoring

Find the "black hole" Trojan hidden in the system

What is the biggest feature of Trojans? The answer is concealment. Trojans hide in the user's system through certain technical means in order to control the user's computer for a longer period of time. Users generally have limited knowledge of computers, so it is difficult for them to find Trojans in the system. Moreover, today's Trojans have powerful hiding capabilities, applying newer techniques such as DLL insertion and rootkits. Let alone novices, even veterans find it very difficult to find Trojans in the system, not to mention clearing them. Just like the pandatv virus that was raging some time ago, its protection measures interlock with one another, which makes it difficult to clear.
So how can we find the "black hole" Trojan in the system? In fact, the "black hole" Trojan has something in common with other Trojans, and its hiding technology is similar. For example, in the demonstration above we mentioned that the "black hole" Trojan can create a server program of the DLL-insert version, that is, the Trojan inserts its DLL file into a normal system process to hide itself. In the process details window, switch to "module list". The DLL files loaded by the process will appear. The publisher of these DLL files is normally "Microsoft"; if a DLL file with an empty publisher exists in the process, be careful. Of course, this does not necessarily mean infection with the "black hole" Trojan. It may be another Trojan or virus, or a normal driver file.
The "black hole" Trojan also provides the function of hiding server files, processes, registry entries, and services. This is rootkit technology at work. But you don't have to worry about it. Even if it is hidden, you still have a way to find it. You can use the security tool IceSword that we have introduced, or "super patrol", to show content hidden with rootkit technology. In short, it is necessary to regularly use the security tools mentioned above to perform a health check on the system, so as to detect Trojans in the system as soon as possible. When the system behaves abnormally, especially when a game account is stolen or anti-virus software cannot be started, you should check the system thoroughly.
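The module-list check described above can also be scripted. The following PowerShell is an added example, not code from the original article or from any tool it names; the function name and the default process list are assumptions chosen for illustration.

```powershell
# Added example (not from the original article). Lists modules loaded in the
# given processes that have no publisher or no valid Authenticode signature.
# Run from an elevated prompt; protected processes may still refuse access.
function Get-SuspectModule {
    param(
        # Assumed default: common system processes to inspect.
        [string[]]$ProcessName = @('explorer', 'svchost', 'winlogon')
    )
    foreach ($proc in Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
        $modules = $null
        try { $modules = $proc.Modules } catch { continue }   # access denied
        foreach ($mod in $modules) {
            $path = $mod.FileName
            $reasons = @()
            if (-not $path -or -not (Test-Path -LiteralPath $path)) {
                # Loaded in memory but not visible on disk: deleted or hidden file.
                $reasons += 'backing file not found'
            } else {
                if ([string]::IsNullOrWhiteSpace($mod.FileVersionInfo.CompanyName)) {
                    $reasons += 'empty publisher'
                }
                # Catalog-signed Windows files may report NotSigned on older
                # PowerShell versions, so treat hits as leads to examine.
                $sig = Get-AuthenticodeSignature -LiteralPath $path
                if ($sig.Status -ne 'Valid') {
                    $reasons += "signature: $($sig.Status)"
                }
            }
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Process = $proc.ProcessName
                    Id      = $proc.Id
                    Module  = $path
                    Reason  = $reasons -join '; '
                }
            }
        }
    }
}

Get-SuspectModule | Sort-Object Process, Module | Format-Table -AutoSize -Wrap
```

A hit is only a lead, since an empty publisher can also belong to a legitimate third-party file. This user-mode listing does not reveal items hidden by a rootkit, which need the kind of tool the article recommends.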
Figure 3. Hidden items of Trojans in the system
After learning how to discover the "black hole" Trojan in the system, let's take a look at how to clear it. Removing the "black hole" Trojan is relatively simple because it has a simple uninstall function, unlike other Trojan programs whose files all have to be cleared manually. After the "black hole" Trojan server has run, if the hacker has set "display icon in the taskbar", there will be a "black hole" Trojan icon in the taskbar. Click the icon and select "uninstall service" to uninstall the server.
However, this situation is rare, because few hackers deliberately expose themselves, so we should not expect to find the "black hole" Trojan icon in the taskbar. Once we have confirmed that "black hole" is in the system, open "Run" from the system's Start menu, enter "brc_server.exe/setup", and press Enter. The "black hole" Trojan setting window appears; then click "uninstall service" to uninstall the server.
Figure 4. Uninstall the "black hole" Trojan server

Security awareness is very important to prevent camera Trojans

A Trojan like "black hole" has the function of remotely enabling the user's camera. We can call it a camera Trojan. "Black hole" is a type of Trojan which is not very harmful: because it is famous, anti-virus software can scan for and kill it. More harmful is the kind of camera Trojan that spreads only within a small scope. Samples of such camera Trojans are difficult to obtain, so it is difficult for anti-virus software to scan for and kill them. They may therefore remain in the user's system and monitor the user's every action every day.
Many websites on the network provide customized Trojan services. As long as you pay a certain fee, you can ask programmers to create a personal Trojan, and of course a camera monitoring function can also be added. If the customized Trojan is not spread, anti-virus software companies will not be able to obtain samples and will not be able to scan for and kill it. To prevent such Trojans, you can only use security tools that monitor the system at a low level. For example, the System Safety Monitor we have introduced can prevent all Trojans from running. In general, if you want to prevent camera Trojans, pay attention to the following points:
1. Hide your own camera
When we access the Internet, outsiders may learn that our computer has a camera. For example, QQ shows in our personal information that our computer has a camera, and any QQ user can find you through "Search"/"users with cameras". Hackers may exploit this to find users with cameras and attack them, so it is necessary to hide the local camera on the network. First, let's disable the camera display function in QQ.
Click "menu" > "Settings" > "personal Settings" on the QQ panel and switch to the "Status display" tab. Select "not included in the online video User List" and click "OK". In this way, strangers on QQ cannot find out that you have a camera.
Figure 5. Hide your camera on QQ
2. Manage the camera when it is not in use
When you are not using the camera, it is best to point its lens at the wall or another object rather than at yourself. However skilled hackers are, they cannot make the camera turn. Alternatively, you can cover the camera lens with a handkerchief or something similar and remove it when you use the camera. You can also unplug the camera from the USB port, so that even if a camera Trojan is running, it does not matter.
Some cameras also have an auxiliary light source. When the camera is in the working state, the auxiliary light on the camera is turned on. With this, we can clearly know what state the camera is currently in, and you can determine whether someone has quietly enabled it.
3. Complete local security protection
First, install anti-virus software with strong detection capabilities, and promptly update its virus database. Be sure to enable the virus firewall of the anti-virus software. Second, do not receive and run files sent by strangers. Who can ensure that such a file is not a camera Trojan server? Finally, we need to avoid visiting unfamiliar websites, so as to avoid webpage Trojans.
