7 Replies Latest reply: Apr 11, 2012 1:56 PM by Ralph Johns (UK)
kat.hayes Level 1 Level 1 (0 points)

I noticed a couple times that the green light has been coming on for my webcam on my iMac. Are there any known trojans/viruses that can do this?

 

Is there a way to determine if this is indeed ocurring?

 

Thanks.

  • 1. Re: Webcam controlled remotely via a trojan/virus?
    BDAqua Level 10 Level 10 (116,475 points)

    There has been in the past.

     

    Which exact Mac do you have?

     

    So we know more about it...

     

    At the Apple Icon at top left>About this Mac, then click on More Info, then click on Hardware> and report this upto but not including the Serial#...

     

    Hardware Overview:

     

    Model Name: iMac

    Model Identifier: iMac7,1

    Processor Name: Intel Core 2 Duo

    Processor Speed: 2.4 GHz

    Number Of Processors: 1

    Total Number Of Cores: 2

    L2 Cache: 4 MB

    Memory: 6 GB

    Bus Speed: 800 MHz

    Boot ROM Version: IM71.007A.B03

    SMC Version (system): 1.21f4

     

    Disable Java in your Browser settings, not JavaScript.

     

    Flashback - Detect and remove the uprising Mac OS X Trojan...

     

    http://www.mac-and-i.net/2012/04/flashback-detect-and-remove-uprising.html

     

    In order to avoid detection, the installer will first look for the presence of some antivirus tools and other utilities that might be present on a power user's system, which according to F-Secure include the following:

     

    /Library/Little Snitch

    /Developer/Applications/Xcode.app/Contents/MacOS/Xcode

    /Applications/VirusBarrier X6.app

    /Applications/iAntiVirus/iAntiVirus.app

    /Applications/avast!.app

    /Applications/ClamXav.app

    /Applications/HTTPScoop.app

    /Applications/Packet Peeper.app

     

    If these tools are found, then the malware deletes itself in an attempt to prevent detection by those who have the means and capability to do so. Many malware programs use this behavior, as was seen in others such as the Tsunami malware bot.

     

    http://reviews.cnet.com/8301-13727_7-57410096-263/how-to-remove-the-flashback-ma lware-from-os-x/

     

    http://x704.net/bbs/viewtopic.php?f=8&t=5844&p=70660#p70660

     

    The most current flashback removal instructions are F-Secure's Trojan-Downloader:OSX/Flashback.K.

  • 2. Re: Webcam controlled remotely via a trojan/virus?
    HACKINT0SH Level 5 Level 5 (5,755 points)

    It can not be a virus, but it could be something else.  iChat is able to do features like this, and so can a few other utilties.

  • 3. Re: Webcam controlled remotely via a trojan/virus?
    kat.hayes Level 1 Level 1 (0 points)

                                            Model Name:     iMac

      Model Identifier:     iMac7,1

      Processor Name:     Intel Core 2 Duo

      Processor Speed:     2.8 GHz

      Number Of Processors:     1

      Total Number Of Cores:     2

      L2 Cache:     4 MB

      Memory:     4 GB

      Bus Speed:     800 MHz

      Boot ROM Version:     IM71.007A.B03

      SMC Version (system):     1.21f4

  • 4. Re: Webcam controlled remotely via a trojan/virus?
    BDAqua Level 10 Level 10 (116,475 points)

    Do you use any "Social" sites, I think some can use your iSight, forget which ones.

     

    http://www.ehow.com/how_5799246_disable-isight-camera.html

     

    http://techslaves.org/isight-disabler/

     

    I vaguely remember some browsers having a setting or maybe not.

  • 5. Re: Webcam controlled remotely via a trojan/virus?
    EZ Jim Level 7 Level 7 (21,390 points)

    I have never seen reports of a trojan/virus that does what you describe.

     

    • Restart your Mac and see if the problem remains.

     

    • Some apps, including iChat, Apple Remote Desktop, Finder's Screen Sharing, and some third party software can allow others to remotely operate your Mac if they are configured to do so.   However, unless you have given someone access, whether by choice or by failing to keep your Mac secure, it is unlikely that anyone else is controlling your iSight. 

     

    • You can check your Mac's Activity Monitor utility to see whether any of the apps you have that can use iSight are running when your light comes on.  If not, consider the suggestions below.  If you do find any third-party apps that you do not want in the list, you can either force quit the app from Activity Monitor or follow the developer's instructions for how to uninstall the application(s).

     

    • You can  check your  > System Preferences > Users & Groups > Login Items to see whether anything that could use your iSight is starting automatically whenever you login.  If so, you can delete the app from the Login Items list.

     

    • If your problem persists, try resetting the SMC as suggested inhttp://support.apple.com/kb/HT2090 

     

    • If all else fails, ask your Apple Authorized Service Provider to check your iMac to be sure it is working properly.

     

     

    Message was edited by: EZ Jim

     

     

    Mac OSX 10.7.3

  • 6. Re: Webcam controlled remotely via a trojan/virus?
    Klaus1 Level 8 Level 8 (44,485 points)

    kat.hayes wrote:

     

    I noticed a couple times that the green light has been coming on for my webcam on my iMac. Are there any known trojans/viruses that can do this?

     

    Is there a way to determine if this is indeed ocurring?

     

    Thanks.

     

    Google is capable of activating that.

     

    Removal/prevention of Google cookies:

     

    http://www.google.com/privacy_ads.html

  • 7. Re: Webcam controlled remotely via a trojan/virus?
    Ralph Johns (UK) Level 9 Level 9 (67,490 points)

    Hi,

     

    In the past there was also this issue

     


    9:56 PM      Wednesday; April 11, 2012


    Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"

     

      iMac 2.5Ghz 5i 2011 (Lion 10.7.3)
     G4/1GhzDual MDD (Leopard 10.5.8)
     MacBookPro 2Gb (Snow Leopard 10.6.8)
     Mac OS X (10.6.8),

    "Limit the Logs to the Bits above Binary Images."  No, Seriously