
I have been using Webroot Secure Anywhere (and its predecessors) for years. I am very careful about the websites I visit and never venture past a Webroot green “Trust” recommendation and even then, always proceed with caution. I examine URLs closely and have not clicked on any embedded email links (or attachments). I update Win 10 & Chrome (“enhanced protection” is enabled) consistently, and check device “permissions” and “installed apps” regularly. I don’t use social media. I always buy decent-quality, new Dell laptops. I live in a fairly sprawling condo complex with other law-abiding 55+ citizens. I love making up complex PWs, disabling “remote management” features, and keeping firmware up to date in all my devices. Yes, I’m a very boring person. About three months ago, while on the CBS news website I got a “Windows Support Alert” screen that said “This Computer is Blocked” due to suspicious activity and I must call “Microsoft at 800-...” immediately to unblock. The red and blue screen maximized on my monitor with no method to minimize or close it. Then my webcam activated inside a new window and showed me with newly-formed tiny sweat beads on my forehead. I’m not one to panic, but the feeling is a lot like walking on an unfamiliar street and having someone come up behind you and grab both your arms. In lieu of doing something more sensible, I did a “hard” power-off on my laptop, then powered off my router. I turned them both on a couple hours later and all seemed fine; my “Webroot Secure Anywhere” with a recent scan, all its features (Realtime Shield, Web Shield, & Firewall) toggled “on”, was indifferent: all systems were just fine, but I was not. Because I was due for an upgrade anyway I replaced my modem & router with an Arris SB6183 and a TP-Link AC1750. I also installed a cam cover.

Fast forward to yesterday. I had not experienced a hint of underhanded internet activity since that dismal day in June. I had just unpacked a new Dell laptop and finished installing Chrome and Webroot. Normally I’d head right to Dell’s website to check for firmware updates, but got caught up in happily putting together what I thought would be a tasty grocery list on our local supermarket’s website. Again, I got another “This Computer is Blocked” due to suspicious activity and I must call “Microsoft at 800-...” immediately to unblock; I believe it was the same screen as I saw in June. A webcam “window” did not activate this time, probably because I shut down right away, but I was still in a bit of shock and disbelief; how in the world is this happening & what am I doing wrong? My ISP (Spectrum) is no help because I have my own equipment.

I really like Webroot and have “sold” countless of my friends on it.  But these “pop-ups”, especially coupled with taking-over of a webcam, are very unsettling & not normal.  I’ve heard the legend of Zuck’s post-it note, but my question is: Is Webroot helpless in preventing this type of simple attack?  Or is it me?  How in the world can anyone feel any semblance of online security when any bad actor can seemingly step in anytime they want?  

  

          

            

Hello @goco 

 

Please contact Webroot Support so they can look into this and give you a free security check.

 

Webroot Support:

Submit a ticket

Call 1-866-612-4227 Mon - Fri 7 AM to 5:30 PM (MDT)

 

Thanks,


Yes, thanks TripleH, will do.

But I’d still appreciate input from anyone with any insight as to how “camfecting” works; specifically, can someone, i.e. a hacker, remotely operate a Win 10 laptop’s webcam without having any of their software installed first? If in fact a laptop’s webcam is remotely operated at some point, does that mean residual software may still reside on the machine and be beyond the capabilities of Webroot to identify?        


A hacker would need to get malware onto your system to take control, so that’s why I suggested you contact Webroot support.

 

https://www.unilab.eu/articles/coffee-break/camfecting/

 

“What is camfecting and how can we defend ourselves? This term signifies the process by which the camfecter spies on everything in the field of vision of another person’s webcam, while operating it without the owner’s permission, usually after having infected their PC with a virus which grants access to the device.

In order to gain entry into a digital camera, the hacker usually sends his victim an apparently innocuous app, which contains a Trojan. After this has been automatically installed, the camfecter can connect to the device in complete freedom and make videos or take photos, as he acquires total control of the webcam.

