Detecting Malicious Malware


Posted by Gabriel under Uncategorized  . Comments: Comments Off

Malware can infect networks and devices and is designed to harm those devices, networks and their users in some way. While many malware spreads through email, web links or other means, some computers, routers and mobile devices are more vulnerable, so learning how to avoid malware is important. These devices are often configured to allow unauthorized connections.

This article covers techniques to detect malicious connections and exploits that can enable malware to gain control over vulnerable devices. Also included are several simple ways to block malware that try to infect your devices.

Common methods for detecting malicious traffic

Enumerating incoming connections on affected devices

Many network connections originate from a variety of devices, such as cellular phones, smartphones, Ethernet cable modems, USB cards, and other devices. Depending on the type of device, these devices may be provided by your carrier or may be a specific manufacturer.

One of the more basic techniques to detect malicious connections is to look at incoming traffic to the network. This is usually accomplished using a simple IP or hostname probe. For example, the following network scan will show incoming traffic to your computer from your smartphone:

Download the Mobile Scan app from the Apple App Store or Google Play Store for Android Devices:

Enter the following in the Mobile Scan app:

Mobile Address Port Source MAC Address – This is the same as what is shown above. It is one way to test the presence of malicious traffic on the device.

Browse to the link above where you are asked to allow access to certain devices from your network. If any devices on your network are listed, your mobile device may be vulnerable to malicious connections.

If your mobile device is vulnerable to a specific attack, you can easily locate the affected device and use the Mobile Scan app to perform scans and checks on your vulnerable device. If the device is not vulnerable, a mobile scan will not show any malicious traffic.

A range of different ways to scan for networks on Android devices can be found on the Android Project website.

The device owner should know, however, that there are many more ways for a malicious hacker to compromise their own device. For example, a user with a default or compromised username and password may allow any machine on the network to send and receive data. This could potentially allow an attacker to do anything they like, from sniffing traffic, stealing credentials or activating one of many other attacks.

When scanning for suspicious network traffic on a device, you may also see the message:

“Your IP address may be vulnerable. Connecting to the Internet may lead to malware.”

This appears when there is a mismatch between the MAC address and the IP address on the device, or when the wrong address is sent. For example:

In this case, a connection may be attempting to connect to an IP address known to be associated with malware and will fail. Another possible cause for this message is if an attempt was made to send a malicious command to the device. This occurs when the user sends an invalid command such as a command that can lead to the installation of malicious code.

  • Share/Bookmark
 

Join Our Email List

Email:

Search


  • The Kids Grow Up on Facebook
  • Recent Comments