• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 146
  • Last Modified:

Can Viruses spread while transferring Binary data with Winsock

Can Viruses spread while transferring Binary data via (TClientSocket/TServersocket) Winsock buffer stream across a network ?

I have a backup server application running on a machine that is not shared and is not connected to the internet.
My applications Client modules running on all machines connect via TClientSocket/TServersocket pair to the backup Server machine and transfer relevant data files. I am using Delphi on Windows.

Assuming that the data files are not yet infected but Client machine EXE's are infected with Ransomware Virus will the data be safe on the unshared backup server machine ?
0
Allan_Fernandes
Asked:
Allan_Fernandes
2 Solutions
 
LesterClaytonCommented:
Answer: No.  Applications written to use Windows Sockets won't arbitrarily start transmitting virusses even though the OS is infected.  Virusses can only be transmitted on application layer, and they propogate themselves, or rely on other software to propogate (for example, mail clients).  They don't work at lower layers, so applications you write can't spread the virus if if the client machine itself is infected.

You're more at risk if your clients are mapped with a network drive to the backup server, since the ransomware clients will attack any UNC paths the user has access to.  If you have no UNC shares, you're safe.
0
 
btanExec ConsultantCommented:
Ransomware can "spread" by network like thru RDP and mapped/unmapped network shared drives from an infected machine. E.g. LowLevel04. The spreading may be possible if there are other malware other than ransomware - such as the carrier (such as exploit kit) that exploited the machine and bring in or drop the  Ransomware. The exploit may hijack winsock layer to tamper or inject "addition" into the connection in session. Not seem so far for the Ransomware family though by itself to do that.
http://www.scmagazineuk.com/ransomware-using-remote-desktop-to-spread-itself/article/448377/

So if the machine is really isolated then I will say it is not possible to further spread and it can be contained. Backup data should not be accessible on the same machine of network shares otherwise it will be encrypted or deleted.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now