
How to Detect Worms



Hello!

I've been wondering how to detect if there is a worm on a device on your network. Would the worm be detected by Malwarebytes and always reappear? Would it affect mobile devices such as Android and iOS? What could someone do if they have doubts that a worm could be somewhere in the network? (My PC is clean but I do not know about every device on my network.)

Thank you for your insights and I apologize for the trouble!


There are multiple types of worms.  Since they replicate from PC to PC they are a sub-type of virus.  There are multiple types of worms that use computer constructs and network protocols to spread.

Examples are those that use email and TCP/IP protocols and the AutoRun/AutoPlay facility.

They are easily detected and removed by anti-malware software such as Malwarebytes' Anti Malware.

Those that may exist on a network may use NetBIOS over IP, SMB and other protocols.  They may use a combination of Exploit Code and authentication attacks to infect a PC.  Once a PC is infected it may seek others to infect and spread.

It is one reason I suggest blocking related TCP/UDP ports on a Router.

Some suggestions:

  • Disable acceptance of ICMP Pings
  • Change the Default Router password using a Strong Password
  • Use a Strong WiFi password on WPA2 using AES encryption or Enable WPA3 if it is an option.
  • Disable Remote Management
  • Create separate WiFi networks for groups of devices with similar purposes to prevent an entire network of devices from being compromised if a malicious actor is able to gain unauthorized access to one device or network. Example: Keep IoT devices on one network and mobile devices on another.
  • Change the network name (SSID).  Do not use your name, postal address or other personal information.  Make it unique or whimsical and known to your family/group.
  • Is the Router Firmware up-to-date?  Updating the firmware mitigates exploitable vulnerabilities.
  • Specifically set Firewall rules to BLOCK TCP and UDP ports 135 ~ 139, 445, 1234, 3389, 5555 and 9034
  • Document passwords created and store them in a safe but accessible location.

 

Example:
https://www.cisa.gov/news-events/alerts/2014/12/19/targeted-destructive-malware

 

Edited by David H. Lipman
Edited for content, clarity, spelling and/or grammar
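
As an added example (not part of the original post and not a Malwarebytes tool), this sketch flags a LAN device that contacts many other LAN devices on the ports listed above, which is the spreading behaviour the post describes. The log format, the 192.168.1.0/24 range, the threshold and the sample lines are all assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Ports from the post's firewall suggestion: 135-139, 445, 1234, 3389, 5555, 9034.
WATCHED_PORTS = set(range(135, 140)) | {445, 1234, 3389, 5555, 9034}
LAN = ip_network("192.168.1.0/24")  # assumption: home LAN range
FANOUT_THRESHOLD = 5                # assumption: distinct peers before flagging

# Constructed sample log, hypothetical format: "time src dst proto dport"
SAMPLE_LOG = "\n".join(
    # one host sweeping eight neighbours on SMB
    [f"12:00:{i:02d} 192.168.1.23 192.168.1.{i} TCP 445" for i in range(40, 48)]
    + ["12:01:00 192.168.1.10 192.168.1.5 TCP 445",  # laptop to file server
       "12:01:02 192.168.1.10 192.168.1.5 TCP 139",
       "12:01:05 192.168.1.11 203.0.113.7 TCP 443",  # web traffic, not watched
       "12:01:07 192.168.1.12 192.168.1.1 UDP 53",   # DNS to router, not watched
       "garbled line"]
)

def parse(line):
    """Return (src, dst, proto, dport), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    _, src, dst, proto, dport = parts
    try:
        return ip_address(src), ip_address(dst), proto.upper(), int(dport)
    except ValueError:
        return None

def suspicious_hosts(log_text, threshold=FANOUT_THRESHOLD):
    """Map each LAN source to the LAN peers it reached on watched ports."""
    peers = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        src, dst, proto, dport = rec
        if (proto in ("TCP", "UDP") and dport in WATCHED_PORTS
                and src in LAN and dst in LAN and src != dst):
            peers[src].add(dst)
    return {str(s): sorted(str(d) for d in ds)
            for s, ds in peers.items() if len(ds) >= threshold}

if __name__ == "__main__":
    for host, targets in suspicious_hosts(SAMPLE_LOG).items():
        print(f"{host} reached {len(targets)} LAN peers on watched ports")
```

The log has to come from a point that actually sees device-to-device traffic; a router often does not log connections that stay between two devices on the same network.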

Thank you very much for your thorough response, David. I really appreciate it! :D
I still have some follow-up questions that I would like to ask:
1) You mentioned they replicate from PC to PC - can they also replicate from PC to mobile device such as Android or iOS?
2) You also mentioned it's easily detectable through Malwarebytes: Can I be assured that there is no worm on a device if Malwarebytes or Windows Defender hasn't picked up anything?

Thank you very much for your insight, it's very valuable to me!


You're Welcome.

1. I answered that in your similar Android post.

42 minutes ago, David H. Lipman said:

A worm designed for a PC may not have the code to infect another OS and vice versa.  They are written to target specific Operating Systems.

https://www.mcafee.com/blogs/mobile-security/chinese-worm-infects-thousands-android-phones/
https://www.f-secure.com/v-descs/worm-iphoneos-ikee.shtml

 

2.  Yes

Worms are well noted and detectable.  Malwarebytes is very good with them and using Microsoft Windows Defender and MBAM together will protect you well.

 

 


Thanks David!
Sorry if I'm being a bit obnoxious but I have two more small questions:
Even if they're usually written for specific OS, how probable is it for a worm to also infect other OS? Is it common / a cause for concern?

Unrelated to that, I really appreciate you guys' work on this forum. Is there a way to support you guys' work?

Thank you and have a great day!


Very low probability, but it is a possibility.

2 minutes ago, Paranoid_Friendoid said:

Unrelated to that, I really appreciate you guys' work on this forum. Is there a way to support you guys' work?

You can make a donation to a Charity in the name of the Malwarebytes' Forum. 
