Can malware snoop network data


8 replies to this topic

#1 helpmeplz2


Posted 03 May 2012 - 01:48 AM

Hi, I was wondering (I know I sound paranoid) if this is possible:

On my home network is a Windows 7 laptop and my PC running Linux; anyway, my family owns the network, so I don't have much control over it. But their Windows laptop is totally infected (it totally shows every sign), but I don't really care about their laptop anyway. So I was wondering, is it possible that the malware in their laptop could be watching my personal data being transmitted over the network?

I run Linux myself so I know I am not infected, so I am worried about being watched. Have you guys ever seen malware that does that?

Edited by hamluis, 03 May 2012 - 07:52 AM.
Moved from AV, Firewall to Am I Infected - Hamluis.




#2 Didier Stevens


Posted 03 May 2012 - 04:00 AM

Yes, there is malware that has network sniffing capabilities to steal credentials.
Here is an example of the SDBOT: http://about-threats.trendmicro.com/Malware.aspx?language=us&name=WORM_SDBOT.UH

But even in the unlikely case that a network sniffer is installed on a PC in your home network, that doesn't automatically mean it can steal all your passwords. First of all, if you are both connected to the same LAN via a switch, the other PCs won't see your non-broadcast network traffic. Unlike hubs, switches don't forward traffic to all their ports, but only to the destination port.
Second, if you use encrypted network protocols like TLS (HTTPS), the sniffer will not see encrypted traffic, and won't be able to extract info like credentials from it.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
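
What the switch-versus-hub point in the post above means in practice, as an added example that is not part of the original thread: a minimal simulation of which ports receive a copy of each frame. The port numbers, MAC addresses and frame list are constructed for illustration.

```python
# Added illustration (not from the thread): frame delivery on a hub versus a
# MAC-learning switch. Ports, MACs and frames below are constructed samples.
BROADCAST = "ff:ff:ff:ff:ff:ff"
PC, GW, LAPTOP = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
PORTS = [1, 2, 3]          # 1 = Linux PC, 2 = router, 3 = the other laptop

# (ingress port, source MAC, destination MAC)
FRAMES = [
    (1, PC, BROADCAST),    # 0: ARP request, broadcast by design
    (2, GW, PC),           # 1: ARP reply, unicast
    (1, PC, GW),           # 2: unicast data PC -> router
    (2, GW, PC),           # 3: unicast data router -> PC
]

class Hub:
    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src, dst):
        # A hub repeats every frame out of every port except the ingress port.
        return [p for p in self.ports if p != in_port]

class LearningSwitch(Hub):
    def __init__(self, ports):
        super().__init__(ports)
        self.mac_table = {}            # MAC address -> port it was last seen on

    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port  # learn where the sender lives
        if dst != BROADCAST and dst in self.mac_table:
            out = self.mac_table[dst]
            return [] if out == in_port else [out]
        # Broadcasts and not-yet-learned destinations are flooded like a hub.
        return super().forward(in_port, src, dst)

def frames_seen_by(device, frames, observer_port):
    """Indexes of the frames that the device delivers to observer_port."""
    seen = []
    for i, (in_port, src, dst) in enumerate(frames):
        if observer_port in device.forward(in_port, src, dst):
            seen.append(i)
    return seen

if __name__ == "__main__":
    print("hub    -> port 3 sees", frames_seen_by(Hub(PORTS), FRAMES, 3))
    print("switch -> port 3 sees", frames_seen_by(LearningSwitch(PORTS), FRAMES, 3))
```

The model covers wired Ethernet ports only, and a switch still floods a unicast frame whose destination it has not learned yet.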


#3 helpmeplz2


Posted 03 May 2012 - 04:07 AM

> Yes, there is malware that has network sniffing capabilities to steal credentials.
> Here is an example of the SDBOT: http://about-threats.trendmicro.com/Malware.aspx?language=us&name=WORM_SDBOT.UH
>
> But even in the unlikely case that a network sniffer is installed on a PC in your home network, that doesn't automatically mean it can steal all your passwords. First of all, if you are both connected to the same LAN via a switch, the other PCs won't see your non-broadcast network traffic. Unlike hubs, switches don't forward traffic to all their ports, but only to the destination port.
> Second, if you use encrypted network protocols like TLS (HTTPS), the sniffer will not see encrypted traffic, and won't be able to extract info like credentials from it.

Thanks for the reply.

Just how common is this sort of malware, like 0.5% or less? And our network config is simply a wireless router.

And I was wondering, just how much could the malware see of my traffic? Like what my Facebook profile is?

#4 hamluis


Posted 03 May 2012 - 07:49 AM

<<...my family owns the network so I don't have much control over it. But their Windows laptop is totally infected>>

I'm not knowledgeable about malware...but I would guess that every system on a given infected network...is at risk, regardless of O/S. I would suggest that you be concerned about all computers on that network.

Louis

#5 helpmeplz2


Posted 03 May 2012 - 10:02 PM

So am I basically safe?

#6 Didier Stevens


Posted 04 May 2012 - 09:30 AM

> Just how common is this sort of malware, like 0.5% or less? And our network config is simply a wireless router.

There are no stats regarding that.
You mean the infected desktop and your machine both connect via WiFi to the wireless router?

> And I was wondering, just how much could the malware see of my traffic? Like what my Facebook profile is?

That's what I tried to explain with my encrypted traffic comment. If you use HTTPS, the traffic is encrypted, and the sniffer will not be able to decrypt it.



#7 helpmeplz2


Posted 05 May 2012 - 02:10 AM


> > Just how common is this sort of malware, like 0.5% or less? And our network config is simply a wireless router.
>
> There are no stats regarding that.
> You mean the infected desktop and your machine both connect via WiFi to the wireless router?
>
> > And I was wondering, just how much could the malware see of my traffic? Like what my Facebook profile is?
>
> That's what I tried to explain with my encrypted traffic comment. If you use HTTPS, the traffic is encrypted, and the sniffer will not be able to decrypt it.

I scanned the computer with the Kaspersky Rescue Disk, and it said it was clean, believe it or not. Does that mean I am clean?

#8 Didier Stevens


Posted 06 May 2012 - 01:34 PM

> You mean the infected desktop and your machine both connect via WiFi to the wireless router?

What computer did you scan?



#9 helpmeplz2


Posted 07 May 2012 - 02:59 AM

> > You mean the infected desktop and your machine both connect via WiFi to the wireless router?
>
> What computer did you scan?

No, the computer I thought was infected came back clean. Silly me. So does that mean that any chance of a packet sniffer is gone?



