The term “malware” is short for malicious software and is used to refer to any software designed to infiltrate or damage a computer system without the owner's informed consent. Malware can include viruses, worms, Trojan horses, rootkits, adware, spyware and any other malicious and unwanted software. Many computer devices, such as desktop personal computers (PCs), laptops, personal data assistants (PDAs) and mobile phones can be at risk from malware. Computer systems running the Windows™ operating system are particularly at risk from malware, but all operating systems will be at some risk. Examples of other operating systems that could be at risk are Mac OS™, Linux™, Android™, iOS™, Windows Mobile™, and Blackberry OS™.
Computers which are compromised with malware can provide unauthorised people or unauthorised devices with access to personal information of the user of the computer. A particular breach of privacy is unauthorised access to a webcam connected to the computer such that an unauthorised person can view and/or capture video and photographs of the user or the room in which the webcam is located without the user of the computer being aware.
Computer users will typically run antivirus (AV) and/or internet security (IS) software applications, for example F-Secure's™ Anti-Virus and Internet Security applications, to detect malware and protect against malware attacks on their computer system. Detecting malware is challenging, as malware is usually designed to be difficult to detect, often employing technologies that deliberately hide the presence and processes of malware on a system. Consequently, anti-virus and internet security applications will use a large number of techniques in order to detect malware effectively, and reduce the risk of any malware going undetected. However, in the case of malware associated with webcam attacks, monitoring all possible methods that can be used to hide webcam use is not efficient and a more efficient detection scheme is required.
Most webcams have an indicating light which is typically switched on if the webcam is in use and is switched off if the webcam is not in use. If the indicating light is on, thereby indicating that the webcam is in use, and the user of the computer is not running an application which makes use of the webcam, such as Skype™, then the user will be able to notice the light and draw the conclusion that the webcam is being used by someone else. However, many webcams allow the user to switch off the light permanently. For example, a simple registry change can be used to switch off the light in Logitech™ cameras. This switch is vulnerable to a malware attack. A further problem of relying on the indicating light in the case of a hardware light, such as in Apple™ laptops, is that cam spies can merely take snapshots rather than video clips. In this case, the light only flashes briefly and the user may not have time to notice the light. Therefore, the webcam light may not, be a reliable means for detecting web spies.