Can Malware spread through a home network router?


5 replies to this topic

#1 smak451

smak451

  • Members
  • 59 posts
  • Local time:10:08 AM

Posted 13 July 2010 - 08:02 PM

If a desktop is suspected of having an infection, can it spread to other computers in a home network if it's connected to the router?

Desktop running XP, file sharing turned off, all router security protocols enabled (WPA entered as a long, random entry, as is router access password, SSID reset, remote login disabled, firewalls active). Is there any way a worm or whatnot can crawl through into my other home computers should I need to access the desktop on a limited basis? Thanks!


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,804 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:08 AM

Posted 13 July 2010 - 08:26 PM

In a word, yes. If a computer is infected in a network, it should be isolated from the other computers in the network to keep it from spreading infections.

In some instances, the router itself can become infected.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Orecomm

Orecomm

  • Members
  • 257 posts
  • Gender:Male
  • Location:Roseburg, Oregon
  • Local time:08:08 AM

Posted 14 July 2010 - 12:43 PM

I agree with Orange, but you can minimize the risk by shutting off file sharing and any other services on the non-infected machines. You can also run a good scanner like NMAP to see what is really open/available on your machines. You might be surprised at how many open ports you really have. The best bet is to get another cheap wired-only router and connect its WAN port to your local LAN, connect the "suspect" to a LAN port on the cheap router, and set it to block all traffic from its LAN to your "local" LAN. You will need to change the LAN address on the cheap router so it doesn't conflict with your existing LAN before you hook it up. (I use 192.168.11.1 for my isolated network router, my home uses 192.168.1.1). If you need an assist setting up the address block let me know the model of router you are using for the isolated net. (Generally it will be under the "security" settings, and for mine there are two rules, one to allow traffic to 192.168.1.1 (so DNS will work) and the second (in that order) to drop all traffic with source or destination on the 192.168.1.x network).
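Added example (not part of the original posts, and not any router's actual configuration syntax): a small first-match filter model of the two rules described in post #3, showing why their order matters. The host addresses, the port numbers, and the narrowed variant that allows only port 53 to the home router are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "drop"
    src: Optional[str] = None    # CIDR; None matches any source
    dst: Optional[str] = None    # CIDR; None matches any destination
    dport: Optional[int] = None  # None matches any destination port

def matches(net, addr):
    return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def decide(rules, src, dst, dport, default="allow"):
    """First matching rule wins; unmatched traffic gets the default action."""
    for r in rules:
        if matches(r.src, src) and matches(r.dst, dst) and r.dport in (None, dport):
            return r.action
    return default

HOME_LAN, HOME_ROUTER = "192.168.1.0/24", "192.168.1.1/32"
# "source or destination on 192.168.1.x" needs two drop entries in this model
DROP_HOME = [Rule("drop", src=HOME_LAN), Rule("drop", dst=HOME_LAN)]

AS_POSTED = [Rule("allow", dst=HOME_ROUTER)] + DROP_HOME           # order from the post
REVERSED = DROP_HOME + [Rule("allow", dst=HOME_ROUTER)]            # wrong order
NARROWED = [Rule("allow", dst=HOME_ROUTER, dport=53)] + DROP_HOME  # assumption: DNS only

# Constructed outbound connections from the suspect PC on the isolated 192.168.11.x net
SUSPECT = "192.168.11.50"
PROBES = {
    "dns_to_home_router":   ("192.168.1.1", 53),
    "admin_on_home_router": ("192.168.1.1", 80),    # assumed web admin port
    "home_pc_file_share":   ("192.168.1.20", 445),
    "internet_https":       ("203.0.113.10", 443),  # documentation address
}

def reachability(rules):
    return {name: decide(rules, SUSPECT, dst, port)
            for name, (dst, port) in PROBES.items()}

if __name__ == "__main__":
    for label, rules in [("as posted", AS_POSTED), ("reversed", REVERSED),
                         ("narrowed", NARROWED)]:
        print(label, reachability(rules))
```

With the order from the post, the suspect PC can still reach every service on 192.168.1.1, not only DNS; the narrowed variant keeps name resolution working while dropping everything else addressed to the home router.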

#4 smak451

smak451
  • Topic Starter

  • Members
  • 59 posts
  • Local time:10:08 AM

Posted 14 July 2010 - 03:58 PM

Wow! I offer you guys my most heartfelt thanks! You're really nice people to be taking the time to help others out -- I was losing my faith in the human race given what's on my desktop -- def not suspect -- I'm dealing with a kernel based RK at least, if not a bootkit or hypervisor (God please don't let this be on the firmware level)! Waiting on a reply, I know you're all busy but man this is agonizing! Credit bureaus, criminal rpts, the works! You guys are like the Good vs. the Evil that put this thing out there (crashes GMER in safe mode). Are the firmware varieties commonplace? Then I'll have to trash mobo and more! Sorry for venting, biting my nails here, but thanks so much! I'm keeping my Dr. Jekyll turned Hyde beast unplugged for now! Thanks again, really. -- S

#5 Orecomm

Orecomm

  • Members
  • 257 posts
  • Gender:Male
  • Location:Roseburg, Oregon
  • Local time:08:08 AM

Posted 14 July 2010 - 06:08 PM

Good luck on your battle with the Forces of PC Evil. I had a client machine recently with a similar situation. I found a partial solution by pulling the disk and mounting it on a USB adapter on a Linux machine to disinfect, but was never sure enough of having gotten it all to do anything but wipe the drive, low level reformat, and use it for a backup (non-bootable) drive for my non-Windows systems. I got a whole new drive for the "victim" and reinstalled everything from scratch. I was able to recover all of the photos on the original drive, though, which was the client's main concern. As far as I know firmware variants are still rare, particularly if the bad guys don't have physical access to the machine, but I'm not by any means a malware specialist (I contribute on this board because of all the help I have received from other Bleepers on the Malware side.)

May the Bits fall on your good side.

#6 smak451

smak451
  • Topic Starter

  • Members
  • 59 posts
  • Local time:10:08 AM

Posted 15 July 2010 - 06:42 AM

Lol! Thanks man, just gotta roll with the punches. Bright side is I'm getting to speed pretty damn fast re: safe surfing and pc security. From what I've researched firmware variants are rare, and even if I had one I think I'd have the upper hand now in laying traps/wild goose chases for these jackarses going after what little I have! Let the bad guys waste a lot of time for little on the next go round... Take care. PS: your advice re: the extra router LAN/WAN (which I now know is decidedly different from WAP2) setup is a great one so as to separate business use from the rest of the family uses; I'll definitely act on that -- if you have any make/model suggestions let me know. Thanks again, Cheers -- S


Edited by smak451, 15 July 2010 - 08:26 AM.




