CamStudio

Last updated
CamStudio
Developer(s) nickthegeek, windycity, wolfpackmars2, romulus9, jpetroules, gotschai, bleeblap
Initial releaseOctober 21, 2001;22 years ago (2001-10-21)
Stable release
2.7.4 r354 [1]   OOjs UI icon edit-ltr-progressive.svg / 10 August 2016
Written in C++
Operating system Microsoft Windows
Available inEnglish
Type Screencasting software
License GNU General Public License
Website sourceforge.net/projects/camstudio/

CamStudio is an open-source screencasting program for Microsoft Windows released as free software. The software renders videos in an AVI format. It can also convert these AVIs into Flash Video format, embedded in SWF files. CamStudio is written in C++, but CamStudio 3 will be developed in C#. The program has distributed malware and harmful viruses via the installer. [2]

Contents

History

Adobe CamStudio Player v2.0 icon.png

The original CamStudio was released as an open source product by RenderSoft software in October 2001. [3] The source code license was converted to the GNU General Public License in December 2002 with release 1.8. [4] The Source code of versions 1.0, 1.4 and 2.0 are still available at SourceForge.

In 2003, the company was acquired by eHelp Corporation who owned a competing product called RoboDemo (now called Adobe Captivate [5] [6] [7] ). eHelp Corporation released an updated version as CamStudio 2.1 under a proprietary software license only and removed the ability to create SWFs. [8] A succession of acquisitions led to the company being owned by Adobe.

Development of CamStudio 2.0 (the last open-source version) was resumed and released as free software again in September 2007 with the CamStudio 2.5 Beta 1 release. [9] Accordingly, it was re-branded as CamStudio Open Source.

CamStudio 3 is a complete rewrite of the project in the pre-alpha stages of development as of April 19, 2010[ needs update ]. [10]

Malicious software

There have been ongoing reports about malicious code contained in some binaries of the software. In 2013, Google-run website VirusTotal declared that CamStudio contains malicious software, where most anti-virus programs detected Artemis Trojan in CamStudio installer file. [2] In January 2014, the binary on the webpage was reported to be infected with the trojan, Artemis!0FEA2B12900D.[ citation needed ]

In March 2016, the developers of CamStudio reported via forum post that the ad wrapper in the CamStudio installer had been removed and that it no longer offers third-party software or installs malware; however, they did not provide evidence of independent verification in the post. [11] In a VirusTotal analysis of the installer acquired from the official download URL on 10 August 2016, AVware, Dr. Web and VIPRE antivirus tools said it was infected with "InstallCore" while the remaining 51 said it was clean. [12] [13]

A VirusTotal analysis of the installer acquired from the official download URL on 14 February 2017, 31 out of 55 antivirus tools reported malicious content, mostly showing InstallCore. [14]

A second analysis of the installer acquired from the official download URL on 8 March 2017, 17 out of 60 antivirus tools reported malicious content, mostly showing InstallCore. [15]

In 2019, the installer was still infected, being detected by 22 out of 68 engines. [16] As of 23 September 2019, the installer offered via SourceForge appears to be finally virus-free. [17]

As of 10 March 2020, the installer offered via the official website [18] was reported to be infected by 20 out of 70 engines [19] and the download URL was reported malicious by ESET engine. [20]

As of 2022, the installer offered via the official website [21] was reported as malware by just 2 of 93 scanners. [22] [23]

See also

Related Research Articles

Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.

<span class="mw-page-title-main">Antivirus software</span> Computer software to defend against malicious computer viruses

Antivirus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.

Linux malware includes viruses, Trojans, worms and other types of malware that affect the Linux family of operating systems. Linux, Unix and other Unix-like computer operating systems are generally regarded as very well-protected against, but not immune to, computer viruses.

<span class="mw-page-title-main">Scareware</span> Malware designed to elicit fear, shock, or anxiety

Scareware is a form of malware which uses social engineering to cause shock, anxiety, or the perception of a threat in order to manipulate users into buying unwanted software. Scareware is part of a class of malicious software that includes rogue security software, ransomware and other scam software that tricks users into believing their computer is infected with a virus, then suggests that they download and pay for fake antivirus software to remove it. Usually the virus is fictional and the software is non-functional or malware itself. According to the Anti-Phishing Working Group, the number of scareware packages in circulation rose from 2,850 to 9,287 in the second half of 2008. In the first half of 2009, the APWG identified a 585% increase in scareware programs.

Norton AntiVirus is an anti-virus or anti-malware software product founded by Peter Norton, developed and distributed by Symantec since 1990 as part of its Norton family of computer security products. It uses signatures and heuristics to identify viruses. Other features included in it are e-mail spam filtering and phishing protection.

Mobile malware is malicious software that targets mobile phones or wireless-enabled Personal digital assistants (PDA), by causing the collapse of the system and loss or leakage of confidential information. As wireless phones and PDA networks have become more and more common and have grown in complexity, it has become increasingly difficult to ensure their safety and security against electronic attacks in the form of viruses or other malware.

<span class="mw-page-title-main">WinFixer</span> Rogue security software

WinFixer was a family of scareware rogue security programs developed by Winsoftware which claimed to repair computer system problems on Microsoft Windows computers if a user purchased the full version of the software. The software was mainly installed without the user's consent. McAfee claimed that "the primary function of the free version appears to be to alarm the user into paying for registration, at least partially based on false or erroneous detections." The program prompted the user to purchase a paid copy of the program.

Rogue security software is a form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and aims to convince them to pay for a fake malware removal tool that actually installs malware on their computer. It is a form of scareware that manipulates users through fear, and a form of ransomware. Rogue security software has been a serious security threat in desktop computing since 2008. An early example that gained infamy was SpySheriff and its clones, such as Nava Shield.

Torpig, also known as Anserin or Sinowal is a type of botnet spread through systems compromised by the Mebroot rootkit by a variety of trojan horses for the purpose of collecting sensitive personal and corporate data such as bank account and credit card information. It targets computers that use Microsoft Windows, recruiting a network of zombies for the botnet. Torpig circumvents antivirus software through the use of rootkit technology and scans the infected system for credentials, accounts and passwords as well as potentially allowing attackers full access to the computer. It is also purportedly capable of modifying data on the computer, and can perform man-in-the-browser attacks.

<span class="mw-page-title-main">CCleaner</span> Suite of utilities for cleaning disk and operating system environment

CCleaner, developed by Piriform Software, is a utility used to clean potentially unwanted files and invalid Windows Registry entries from a computer. It is one of the longest-established system cleaners, first launched in 2004. It was originally developed for Microsoft Windows only, but in 2012, a macOS version was released. An Android version was released in 2014.

<span class="mw-page-title-main">VirusTotal</span> Cybersecurity website owned by Chronicle

VirusTotal is a website created by the Spanish security company Hispasec Sistemas. Launched in June 2004, it was acquired by Google in September 2012. The company's ownership switched in January 2018 to Chronicle, a subsidiary of Google.

<span class="mw-page-title-main">Computer virus</span> Computer program that modifies other programs to replicate itself and spread

A computer virus is a type of malware that, when executed, replicates itself by modifying other computer programs and inserting its own code into those programs. If this replication succeeds, the affected areas are then said to be "infected" with a computer virus, a metaphor derived from biological viruses.

<span class="mw-page-title-main">Kaspersky Lab</span> Russian multinational cybersecurity and anti-virus provider

Kaspersky Lab is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia, and operated by a holding company in the United Kingdom. It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky and Alexey De-Monderik. Kaspersky Lab develops and sells antivirus, internet security, password management, endpoint security, and other cybersecurity products and services.

OpenCandy was an adware module and a potentially unwanted program classified as malware by many anti-virus vendors. They flagged OpenCandy due to its undesirable side-effects. It was designed to run during installation of other desired software. Produced by SweetLabs, it consisted of a Microsoft Windows library incorporated in a Windows Installer. When a user installed an application that had bundled the OpenCandy library, an option appeared to install software it recommended based on a scan of the user's system and geolocation. Both the option and offers it generated were selected by default and would be installed unless the user unchecked them before continuing with the installation.

MS Antivirus is a scareware rogue anti-virus which purports to remove virus infections found on a computer running Microsoft Windows. It attempts to scam the user into purchasing a "full version" of the software. The company and the individuals behind Bakasoftware operated under other different 'company' names, including Innovagest2000, Innovative Marketing Ukraine, Pandora Software, LocusSoftware, etc.

<span class="mw-page-title-main">Genieo</span> Israeli company specializing in Mac malware

Genieo Innovation is an Israeli company, specializing in unwanted software which includes advertising and user tracking software, commonly referred to as a potentially unwanted program, adware, privacy-invasive software, grayware, or malware. They are best known for Genieo, an application of this type. They also own and operate InstallMac which distributes additional 'optional' search modifying software with other applications. In 2014, Genieo Innovation was acquired for $34 million by Somoto, another company which "bundles legitimate applications with offers for additional third party applications that may be unwanted by the user". This sector of the Israeli software industry is frequently referred to as Download Valley.

<span class="mw-page-title-main">Malvertising</span> Use of online advertisement or advertising to spread malware

Malvertising is the use of online advertising to spread malware. It typically involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages. Because advertising content can be inserted into high-profile and reputable websites, malvertising provides malefactors an opportunity to push their attacks to web users who might not otherwise see the ads, due to firewalls, more safety precautions, or the like. Malvertising is "attractive to attackers because they 'can be easily spread across a large number of legitimate websites without directly compromising those websites'."

LizaMoon is a piece of malware that infected thousands of websites beginning in September, 2010. It is an SQL injection attack that spreads scareware encouraging users to install needless and rogue "anti-virus software". Although it does not use new infection techniques, it was initially thought to be notable based on the scale and speed at which it spread, and that it affected some of Apple's iTunes service. LizaMoon was initially reported to the general public by Websense Security Lab.

Sality is the classification for a family of malicious software (malware), which infects Microsoft Windows systems files. Sality was first discovered in 2003 and has advanced to become a dynamic, enduring and full-featured form of malicious code. Systems infected with Sality may communicate over a peer-to-peer (P2P) network to form a botnet to relay spam, proxying of communications, exfiltrating sensitive data, compromising web servers and/or coordinating distributed computing tasks to process intensive tasks. Since 2010, certain variants of Sality have also incorporated rootkit functions as part of an ongoing evolution of the malware family. Because of its continued development and capabilities, Sality is considered one of the most complex and formidable forms of malware to date.

Slenfbot is the classification for a family of malicious software (malware), which infects files on Microsoft Windows systems. Slenfbot was first discovered in 2007 and, since then, numerous variants have followed; each with slightly different characteristics and new additions to the worm's payload, such as the ability to provide the attacker with unauthorized access to the compromised host. Slenfbot primarily spreads by luring users to follow links to websites, which contain a malicious payload. Slenfbot propagates via instant messaging applications, removable drives and/or the local network via network shares. The code for Slenfbot appears to be closely managed, which may provide attribution to a single group and/or indicate that a large portion of the code is shared amongst multiple groups. The inclusion of other malware families and variants as well as its own continuous evolution, makes Slenfbot a highly effective downloader with a propensity to cause even more damage to compromised systems.

References

  1. "CamStudio - Free Screen Recording Software". 15 December 2020. Archived from the original on 15 December 2020.
  2. 1 2 "Antivirus scan for 15611846820c3eb828a7e1ec837f4747b3190e18bc84c45edddf3ac8d8145be9 at 2014-01-12 23:07:32 UTC". VirusTotal. Retrieved 2016-09-18.
  3. "source code for CamStudio v1.0 to v1.25s (archive.org)". Archived from the original on 2002-12-17.
  4. "source code for CamStudio v1.8s is now under GPL (archive.org)". Archived from the original on 2003-02-10.
  5. "Introducing Macromedia Captivate (adobe.com)". Archived from the original on March 27, 2009. Retrieved 2009-10-22.
  6. "Webinar: Captivate + Connect Pro (adobe.com)". 2009-10-19. Archived from the original on 2011-09-28. Retrieved 2009-10-22.
  7. "Introducing Adobe Captivate 2: Changing the way you author interactive content (adobe.com)". Archived from the original on February 10, 2009. Retrieved 2009-10-22.
  8. "Free Screen Recording Software". CamStudio. 2013-10-19. Retrieved 2016-09-18.
  9. "CamStudio 2.5 Beta 1 Released". Archived from the original on 2007-10-27. Retrieved 2007-11-05.
  10. "CamStudio 3.0 – CamStudio Support Forum". CamStudio.org. 13 August 2010. Retrieved 2016-09-18.
  11. "Fantastic News! CamStudio is finally on Google's Compliant Apps List! – CamStudio Support Forum". CamStudio.org. 11 June 2016. Retrieved 2016-09-18.
  12. "Analysis of the download URL". VirusTotal . 10 August 2016.
  13. "Analysis of the downloaded payload". VirusTotal . 10 August 2016.
  14. "Antivirus scan for a0fd943e186208d0f9c1072967c3c5316d660e97c2afd36080ab1f8c10404f4f at 2017-02-14 15:11:01 UTC – VirusTotal". virustotal.com. Retrieved 2017-02-14.
  15. "Antivirus scan for camstudio.exe". virustotal.com. Retrieved 2017-03-08.
  16. "VirusTotal".
  17. "VirusTotal".
  18. "CamStudio – Free Screen Recording Software". camstudio.org. Archived from the original on 10 March 2020. Retrieved 12 January 2022.
  19. "VirusTotal".
  20. "VirusTotal".
  21. "CamStudio - Free Screen Recording Software". camstudio.org.
  22. "VirusTotal".
  23. "Eassiy".