Solved

Can Viruses spread while transferring Binary data with Winsock

Posted on 2016-09-02
2
75 Views
Last Modified: 2016-09-02
Can Viruses spread while transferring Binary data via (TClientSocket/TServersocket) Winsock buffer stream across a network ?

I have a backup server application running on a machine that is not shared and is not connected to the internet.
My applications Client modules running on all machines connect via TClientSocket/TServersocket pair to the backup Server machine and transfer relevant data files. I am using Delphi on Windows.

Assuming that the data files are not yet infected but Client machine EXE's are infected with Ransomware Virus will the data be safe on the unshared backup server machine ?
0
Comment
Question by:Allan_Fernandes
2 Comments
 
LVL 18

Accepted Solution

by:
LesterClayton earned 300 total points
ID: 41781462
Answer: No.  Applications written to use Windows Sockets won't arbitrarily start transmitting virusses even though the OS is infected.  Virusses can only be transmitted on application layer, and they propogate themselves, or rely on other software to propogate (for example, mail clients).  They don't work at lower layers, so applications you write can't spread the virus if if the client machine itself is infected.

You're more at risk if your clients are mapped with a network drive to the backup server, since the ransomware clients will attack any UNC paths the user has access to.  If you have no UNC shares, you're safe.
0
 
LVL 62

Assisted Solution

by:btan
btan earned 200 total points
ID: 41781529
Ransomware can "spread" by network like thru RDP and mapped/unmapped network shared drives from an infected machine. E.g. LowLevel04. The spreading may be possible if there are other malware other than ransomware - such as the carrier (such as exploit kit) that exploited the machine and bring in or drop the  Ransomware. The exploit may hijack winsock layer to tamper or inject "addition" into the connection in session. Not seem so far for the Ransomware family though by itself to do that.
http://www.scmagazineuk.com/ransomware-using-remote-desktop-to-spread-itself/article/448377/

So if the machine is really isolated then I will say it is not possible to further spread and it can be contained. Backup data should not be accessible on the same machine of network shares otherwise it will be encrypted or deleted.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction Raise your hands if you were as upset with FireMonkey as I was when I discovered that there was no TListview.  I use TListView in almost all of my applications I've written, and I was not going to compromise by resorting to TStringGrid…
The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question