Infected or exploited application with no access to the internet


5 replies to this topic

#1 xspeed

xspeed

  • Members
  • 68 posts

Posted 31 May 2017 - 02:07 AM

Can someone please say whether installed software on Windows that is infected, or has open exploits, but has no outbound/inbound access to the internet (being blocked by Windows Firewall), is itself directly a risk for the system?

 

 




 


#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,685 posts

Posted 31 May 2017 - 11:56 AM

Yes, it can be a risk.

 

For example, there is malware that injects code in the browser (e.g. Internet Explorer) which has access to the Internet.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 TheQuestion

TheQuestion

  • Members
  • 2 posts

Posted 01 June 2017 - 09:07 AM

It may help to clarify what is generally understood when discussing Risk.

 

Basic Definition of Risk

The likelihood that a threat will exploit a vulnerability on a given system.

In your situation you have identified a vulnerable system, now you need to determine the likely threats (malicious actors, human error, etc).  Next is to determine the likelihood that the determined threat will exploit the identified vulnerability.  We can help highlight the potential avenues of exploitation, and assist in identifying mitigating factors, but the final determination will mostly have to fall to you.

 

With that said, yes, the application is a risk to the system. The fact that it has no direct access to the Internet is a mitigating factor, but applications are not islands unto themselves and will interact with other applications on the system, which can provide an avenue for exploitation (as Didier pointed out above).

 

We will not be able to provide much in the way of specifics without more information regarding the nature of the program in question.


Edited by TheQuestion, 01 June 2017 - 09:08 AM.


#4 xspeed

xspeed
  • Topic Starter

  • Members
  • 68 posts

Posted 01 June 2017 - 03:35 PM

With appreciation Didier Stevens & TheQuestion,

 

The question was maybe more as information, to prevent, supposing that situation would happen...

 

For the moment, I consider/think/hope that the systems or any applications are not infected/exploited, still everything works great.

 

Best wishes.



#5 GoofProg

GoofProg

  • Banned
  • 224 posts

Posted 12 June 2017 - 02:02 PM

Can someone please say whether installed software on Windows that is infected, or has open exploits, but has no outbound/inbound access to the internet (being blocked by Windows Firewall), is itself directly a risk for the system?

 

 

So <let me get this.....>
If you install cracked software that is disabled from connecting through the firewall, then is it a risk to the system?

Run it in a virtual with no network interface if it is not to be trusted at all.



#6 dantose

dantose

  • Members
  • 36 posts

Posted 12 June 2017 - 05:58 PM

Can someone please say whether installed software on Windows that is infected, or has open exploits, but has no outbound/inbound access to the internet (being blocked by Windows Firewall), is itself directly a risk for the system?

 

 

Yes. 

 

An example of this in action would be STUXNET, which was used to gain access and damage air-gapped systems. If that program is infected, it doesn't NEED to pull data from the internet. It's already got the code on the local system.

 

Also, there are workarounds for many firewall rules. For example, you might block a cracked version of, let's say, Photoshop from the internet via Windows Firewall. Let's even say the attacker wants to gain remote access to your system rather than a ransomware attack or something. Well, if it can escalate privileges, it might very well be able to disable Windows Firewall.
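
Added example, not part of any post in this thread: a PowerShell audit for the case raised in post #6, checking that the firewall profiles are still on, that the block rules for the program still exist, and whether the firewall configuration changed recently. The program path is a hypothetical placeholder, and the three event IDs are an assumption to confirm on your Windows build; an elevated session is assumed.

```powershell
# Added audit sketch, not from the thread. An elevated PowerShell session is assumed.
param(
    # Hypothetical path: the executable your block rules are meant to cover.
    [string]$ProgramPath = 'C:\Program Files\ExampleApp\example.exe',
    [int]$LookbackDays = 7
)

$findings = @()

# 1. A per-program rule does nothing when the profile it lives in is switched off.
foreach ($fwProfile in Get-NetFirewallProfile) {
    if ($fwProfile.Enabled -ne 'True') {
        $findings += "Profile '$($fwProfile.Name)' is disabled"
    }
}

# 2. The block rules themselves must still exist and be enabled in both directions.
$filters = @(Get-NetFirewallApplicationFilter -Program $ProgramPath -ErrorAction SilentlyContinue)
$rules = if ($filters.Count -gt 0) { @($filters | Get-NetFirewallRule) } else { @() }
foreach ($direction in 'Inbound', 'Outbound') {
    $active = $rules | Where-Object {
        $_.Direction -eq $direction -and $_.Action -eq 'Block' -and $_.Enabled -eq 'True'
    }
    if (-not $active) {
        $findings += "No enabled $direction block rule for $ProgramPath"
    }
}

# 3. Recent changes to firewall settings or rules. The event IDs are an assumption
#    (2003 = profile setting changed, 2005 = rule modified, 2006 = rule deleted);
#    confirm them against the log on your Windows build.
$changes = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'
    Id        = 2003, 2005, 2006
    StartTime = (Get-Date).AddDays(-$LookbackDays)
} -ErrorAction SilentlyContinue
foreach ($evt in $changes) {
    $findings += "{0:u} event {1}: firewall configuration changed" -f $evt.TimeCreated, $evt.Id
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output "Firewall profiles and block rules for $ProgramPath look intact." }
```

A clean result only shows that the firewall configuration is unchanged. It says nothing about the route described in post #2, where traffic leaves through an allowed process such as the browser.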





