Solved

Can Viruses spread while transferring Binary data with Winsock

Posted on 2016-09-02
Last Modified: 2016-09-02
Can Viruses spread while transferring Binary data via a (TClientSocket/TServerSocket) Winsock buffer stream across a network?

I have a backup server application running on a machine that is not shared and is not connected to the internet.
My application's Client modules, running on all machines, connect via a TClientSocket/TServerSocket pair to the backup Server machine and transfer relevant data files. I am using Delphi on Windows.

Assuming that the data files are not yet infected but the Client machines' EXEs are infected with a Ransomware Virus, will the data be safe on the unshared backup server machine?
Question by:Allan_Fernandes
2 Comments
 

Accepted Solution

by:
LesterClayton earned 300 total points
ID: 41781462
Answer: No.  Applications written to use Windows Sockets won't arbitrarily start transmitting viruses even though the OS is infected.  Viruses can only be transmitted at the application layer, and they propagate themselves, or rely on other software to propagate (for example, mail clients).  They don't work at lower layers, so applications you write can't spread the virus if the client machine itself is infected.

You're more at risk if your clients are mapped with a network drive to the backup server, since the ransomware clients will attack any UNC paths the user has access to.  If you have no UNC shares, you're safe.
0
 

Assisted Solution

by:btan
btan earned 200 total points
ID: 41781529
Ransomware can "spread" over the network, such as through RDP and mapped/unmapped network shared drives from an infected machine. E.g. LowLevel04. The spreading may be possible if there is other malware besides the ransomware, such as the carrier (e.g. an exploit kit) that exploited the machine and brought in or dropped the ransomware. The exploit may hijack the Winsock layer to tamper with or inject "additions" into the connection in session. Not seen so far for the ransomware family by itself to do that, though.
http://www.scmagazineuk.com/ransomware-using-remote-desktop-to-spread-itself/article/448377/

So if the machine is really isolated then I will say it is not possible to spread further and it can be contained. Backup data should not be accessible on the same machine of network shares, otherwise it will be encrypted or deleted.
0
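
One way to write the server-side storage step for the setup discussed in this thread, as an added example that is not code from the asker or from either answer: whatever arrives over the socket is kept as plain data, a client-supplied file name cannot leave the backup folder, and an earlier copy is never overwritten. The unit name, `SafeBackupPath`, `StoreReceived` and the `.vN` suffix are assumptions, and the caller is assumed to have already read the bytes from the socket on a single thread.

```delphi
unit BackupStore; // hypothetical unit, not from the thread

interface

uses
  SysUtils, Classes;

function SafeBackupPath(const BackupRoot, ClientName: string): string;
procedure StoreReceived(const BackupRoot, ClientName: string;
  const Data: TBytes);

implementation

// Maps a client-supplied name to a path inside BackupRoot that does not
// exist yet, so an infected client can neither leave the folder nor
// replace an earlier backup.
function SafeBackupPath(const BackupRoot, ClientName: string): string;
var
  Name, Root: string;
  Version: Integer;
begin
  // Keep only the last component: strips '..\', drive letters and folders.
  Name := ExtractFileName(StringReplace(ClientName, '/', '\', [rfReplaceAll]));
  if (Name = '') or (Name = '.') or (Name = '..') then
    raise Exception.Create('Rejected file name from client');
  Root := IncludeTrailingPathDelimiter(BackupRoot);
  Version := 1;
  repeat
    Result := Format('%s%s.v%d', [Root, Name, Version]);
    Inc(Version);
  until not FileExists(Result);
end;

// Stores the received bytes as data only; nothing here opens, loads or
// runs what the client sent.
procedure StoreReceived(const BackupRoot, ClientName: string;
  const Data: TBytes);
var
  Stream: TFileStream;
begin
  Stream := TFileStream.Create(SafeBackupPath(BackupRoot, ClientName), fmCreate);
  try
    if Length(Data) > 0 then
      Stream.WriteBuffer(Data[0], Length(Data));
  finally
    Stream.Free;
  end;
end;

end.
```

Because each transfer lands in a new `.vN` file, a client that later sends already-encrypted copies adds a version instead of replacing the last good one.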
