Internet-connected computers are constantly probed for vulnerabilities. Many probes come from China, but the safety steps are the same no matter where they come from.

On June 12th my Kaspersky reported a network worm attack on my computer from a specific IP address. I tried to find who they are and found their web address as being what appears to be a government domain in China. Why would they want to attack my computer? How do I prevent such attacks?

It's unfortunate, but China - both its government and not - is getting a fairly bad reputation on the internet. A large majority of spam is now originating in China, and I frequently have to filter out comments on Ask Leo! which are clearly spam or scam attempts that also originate there.

China has an incredibly large number of people connected to the internet, but apparently with that comes both the bad and the good.

Why would they want to attack you?

I'm thinking that they don't. At least not as an individual. (Unless you have some reason to be of specific interest to them, of course, which is unlikely in general.)

It's much more likely that they're doing the "standard" thing that worms and other network attacks do: they try to attack everyone. They start with an IP address, see if there's a computer there, and then see if that computer is vulnerable to attack. If it is, they attack it.

When they're done with that IP address they simply move on to the next.

Very slowly they try to attack every computer on the internet. I'm guessing that they actually prioritize certain IP address blocks - like say "the United States" - but regardless of where they start, it's pretty much a case where they're simply trying to attack everyone, not just you.

It was just your turn to get probed.

We also need to talk briefly about what it means to be attacked, or what their intentions are if they do breach your system.

Once again, unless you're somehow a person of interest to the attackers they're probably not after anything specific about you - though of course if they were successful I suppose they could end up groveling around within your computer looking for passwords and accounts and other information for identity theft purposes.

What's more likely is that they simply want to install a 'bot, and add your computer to the zombie network of spam-sending machines out on the internet. Or whatever else a botnet might be used for.

How would you prevent the attack?

Well, you can't control other people, so you're not going to prevent the attack, but you can certainly prevent it from being successful.

As you already have.

The fact that Kaspersky alerted you means that it detected and prevented the attack. You're done. You're safe. Nothing to see here, move on.

In general, this is exactly why you need a firewall: these types of attacks are stopped cold by a NAT router or a properly configured software firewall.

That, and making sure that your machine's software is up to date, is all you need.
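
As an added illustration (not from the original article), the toy model below shows why a NAT router stops unsolicited probes: it forwards an inbound packet only when that packet matches a connection a computer inside the network opened first. The class name, addresses and ports are constructed sample values, and the strict peer check is an assumption, since real routers differ in how tightly they filter.

```python
# Added illustration: a toy model of the connection tracking a NAT router performs.
# All addresses and ports are constructed sample values (documentation/private ranges).
from dataclasses import dataclass, field


@dataclass
class NatRouter:
    public_ip: str
    next_port: int = 40000
    # public port -> (inside host, inside port, remote host, remote port)
    table: dict = field(default_factory=dict)

    def outbound(self, src, sport, dst, dport):
        """An inside host opens a connection; the router records a mapping."""
        pub_port = self.next_port
        self.next_port += 1
        self.table[pub_port] = (src, sport, dst, dport)
        return (self.public_ip, pub_port, dst, dport)

    def inbound(self, src, sport, dport):
        """A packet arrives on the public side. Forward it only if it is a
        reply to a connection an inside host started; otherwise drop it."""
        entry = self.table.get(dport)
        if entry is None:
            return "DROP: no mapping for port %d" % dport
        inside_ip, inside_port, remote_ip, remote_port = entry
        # Assumption: address-and-port-dependent filtering (the strictest kind).
        if (src, sport) != (remote_ip, remote_port):
            return "DROP: %s is not the peer for port %d" % (src, dport)
        return "FORWARD to %s:%d" % (inside_ip, inside_port)


def demo():
    nat = NatRouter("203.0.113.10")
    results = []
    # Unsolicited probe: nothing inside the network asked for this traffic.
    results.append(nat.inbound("198.51.100.7", 51000, 445))
    # The PC browses a web site; the router now holds one mapping.
    _, pub_port, _, _ = nat.outbound("192.168.1.20", 50123, "192.0.2.80", 443)
    # The web server's reply matches the mapping and is forwarded.
    results.append(nat.inbound("192.0.2.80", 443, pub_port))
    # A third party that hits the mapped port is still dropped.
    results.append(nat.inbound("198.51.100.7", 51000, pub_port))
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```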

Article C3761 - June 13, 2009

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.

5 Comments
Michael Camp
June 16, 2009 9:53 AM

Leo, You are bang on in your comment "they actually prioritize certain IP address blocks". The smarter ones try to on blocks that are "static" addresses assigned by service providers to small businesses thinking that small businesses will be less protected and have a greater payoff upon successful intrusion. Too many smaller businesses believe that their relative size is a form of protection unto itself. Not so.

Catmoves
June 16, 2009 5:23 PM

From what I read, Leo, the government of China is making various attacks on whatever American computers it can, hoping to find a way to create havoc just in case. Apparently they have breached the Pentagon's computers several times. Your tactics should keep them out of our personal computers. Thank you.

Charles Olinda
June 16, 2009 8:31 PM

Hi Leo!

About 12 years ago I read with interest an article in Wired magazine about China digging, sometimes by hand, trenches to bury fiber optics. This would connect the major cities in China, thus creating a huge Intranet ... their goal was to only have one connection to the Internet, giving the Government more control. I wonder ... if the Network attack originated from within their Intranet, is it exiting via their one Internet connection?

Also something to think about, this Intranet if hooked to the Radar Defense system could possibly couple the radar into a large format for the country ... I have more thoughts but would rather discuss off line.

Thanks for a great column!

Charlie
John Neeting
June 18, 2009 5:41 PM

You're spot on about China. It used to be Russia, India, Hong Kong, Taiwan. Peer Guardian 2 blocks over 900 million URLs [ All government servers as well - and it's FREE ] and Avast squashes anything else.

Ishwar
December 5, 2012 7:36 AM

I have received network attacks from different locations in China two times this week.
Both times my Kaspersky blocked the attack.
How cheap & disgusting, people who want to hack others' systems.
Thank you Kaspersky :-)
