[SOLVED] Getting Malware by Connecting to Network?

[hanger644]

To preface this, I clicked on a malicious link a month ago or so and I am concerned that it may have been able to infect my wifi network.

I have a clean computer and I booted it up offline to see if everything was in working order. However through the first time Windows set up, I was asked if i wanted to connect to a number of networks, one of which was the wifi in question. I made sure not to connect to any networks and start offline.

My question is, if a network has some kind of malware on it, wouldnt you have to sign in with your password and actually successfully CONNECT to the wifi for the malware to potentially infect your system?

thank you

 

[Ralston18]

What was the nature of that malicious link?

I would like to say there is no threat and that your system and/or wireless network could not be somehow infected.

Overall things are bit more complicated.... And details matter.

Clarify: your wifi network name (SSID) is not the same as the "wifi in question" - correct?

If a hosted network computer is infected then data from that hosted network computer could infect your computer when your computer is joined to that network.

And there are other things: routers etc, that can also be infected so there can be threats there.

Reference:

https://www.lifewire.com/can-a-router-get-a-virus-4768395

(Google "can routers spread viruses" to learn more about such threats.)

If I follow correctly you re-installed and/or re-configured your computer's wireless network adapter after clicking the malicious link - correct?

During re-configuration your computer's wireless network adapter will present all of the wireless networks it finds. Could be quite a number of wireless networks depending on where you live. And some networks may appear and disappear depending on local conditions, interference, and signal strengths and so forth. Plus new wireless networks being created and perhaps old ones taken down - disappearing thereafter.

And that re-configuration process includes selecting the wireless network (SSID) that you wish to connect to and that you provide the necessary sign-in information (user name and password) to actually connect. Barring hot spots that are publicly available to anyone. Always treat as those hot spots as insecure.

So just seeing a suspect wifi network presents no harm or risk of infection. However, if you do connect (or get connected) to that network and share data with computers on that network then yes you could get infected. And possible via the network router.

Are you running AV software on all of your network devices? Are the firewalls enabled?

Use the available defenses. Ensure that all important data is backed up, proven recoverable and readable.

Have emergency disks ready to restore any compromised systems.

 

[hanger644]

Thanks for getting back to me. The link I clicked on was a Amazon scam message that I opened absentmindedly. However, i did not input any of my info, but thats another story.

what’s important is, at the time, I believed that I COULD have gotten a virus, and that the possibility that it could have spread to the network I was using at the time exsisted (I believe you used the term SSID which if i’m correct, is the network that appears on the list of available networks like you said).

Since then, I had my PC wiped and cleaned, but I booted it up offline just to see if it was working, and during the start up phase i was asked if i wanted to connect to any networks to which i said no. seeing as it was wiped clean, to test that I couldn't have possibly connected to the network in question, and knowing that it was password blocked, i clicked connect, and I was presented with a prompt to enter my password, which I did NOT. I just did this to assure myself that my PC couldn’t have connected to the network automatically. I was just wondering if I could have gotten malware from the network in question by doing this.

Thanks in advance for helping me clarify this.

 

[Ralston18]

You are welcome.

When you have the time or inclination there is a way to learn much more about your wireless environment.

On a computer that is using wireless network connectivity type "netsh wlan show all" (without quotes) via the Command Prompt.

Reference:

https://www.webservertalk.com/netsh-wlan-commands

I am always amazed at the number of SSID's that get listed....

Easy to find other similar tutorials and explanations.

netsh help

The following commands are available:

Commands in this context:
? - Displays a list of commands.
add - Adds a configuration entry to a list of entries.
advfirewall - Changes to the netsh advfirewall' context. branchcache - Changes to the netsh branchcache' context.
bridge - Changes to the netsh bridge' context. delete - Deletes a configuration entry from a list of entries. dhcpclient - Changes to the netsh dhcpclient' context.
dnsclient - Changes to the netsh dnsclient' context. dump - Displays a configuration script. exec - Runs a script file. firewall - Changes to the netsh firewall' context.
help - Displays a list of commands.
http - Changes to the netsh http' context. interface - Changes to the netsh interface' context.
ipsec - Changes to the netsh ipsec' context. lan - Changes to the netsh lan' context.
mbn - Changes to the netsh mbn' context. namespace - Changes to the netsh namespace' context.
netio - Changes to the netsh netio' context. p2p - Changes to the netsh p2p' context.
ras - Changes to the netsh ras' context. rpc - Changes to the netsh rpc' context.
set - Updates configuration settings.
show - Displays information.
trace - Changes to the netsh trace' context. wcn - Changes to the netsh wcn' context.
wfp - Changes to the netsh wfp' context. winhttp - Changes to the netsh winhttp' context.
winsock - Changes to the netsh winsock' context. wlan - Changes to the netsh wlan' context.

The following sub-contexts are available:
advfirewall branchcache bridge dhcpclient dnsclient firewall http interface ipsec lan mbn namespace netio p2p ras rpc trace wcn wfp winhttp winsock wlan