?
Solved

Can Viruses spread while transferring Binary data with Winsock

Posted on 2016-09-02
2
Medium Priority
?
137 Views
Last Modified: 2016-09-02
Can Viruses spread while transferring Binary data via (TClientSocket/TServersocket) Winsock buffer stream across a network ?

I have a backup server application running on a machine that is not shared and is not connected to the internet.
My applications Client modules running on all machines connect via TClientSocket/TServersocket pair to the backup Server machine and transfer relevant data files. I am using Delphi on Windows.

Assuming that the data files are not yet infected but Client machine EXE's are infected with Ransomware Virus will the data be safe on the unshared backup server machine ?
0
Comment
Question by:Allan_Fernandes
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 18

Accepted Solution

by:
LesterClayton earned 1200 total points
ID: 41781462
Answer: No.  Applications written to use Windows Sockets won't arbitrarily start transmitting virusses even though the OS is infected.  Virusses can only be transmitted on application layer, and they propogate themselves, or rely on other software to propogate (for example, mail clients).  They don't work at lower layers, so applications you write can't spread the virus if if the client machine itself is infected.

You're more at risk if your clients are mapped with a network drive to the backup server, since the ransomware clients will attack any UNC paths the user has access to.  If you have no UNC shares, you're safe.
0
 
LVL 65

Assisted Solution

by:btan
btan earned 800 total points
ID: 41781529
Ransomware can "spread" by network like thru RDP and mapped/unmapped network shared drives from an infected machine. E.g. LowLevel04. The spreading may be possible if there are other malware other than ransomware - such as the carrier (such as exploit kit) that exploited the machine and bring in or drop the  Ransomware. The exploit may hijack winsock layer to tamper or inject "addition" into the connection in session. Not seem so far for the Ransomware family though by itself to do that.
http://www.scmagazineuk.com/ransomware-using-remote-desktop-to-spread-itself/article/448377/

So if the machine is really isolated then I will say it is not possible to further spread and it can be contained. Backup data should not be accessible on the same machine of network shares otherwise it will be encrypted or deleted.
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever had your Delphi form/application just hanging while waiting for data to load? This is the article to read if you want to learn some things about adding threads for data loading in the background. First, I'll setup a general applica…
OfficeMate Freezes on login or does not load after login credentials are input.
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question