On June 12th my Kaspersky reported a network worm attack on my computer from a specific IP address. I tried to find who they are and found their web address as being what appears to be a government domain in China. Why would they want to attack my computer? How do I prevent such attacks?
It’s unfortunate, but China – both its government and not – is getting a fairly bad reputation on the internet. A large majority of spam is now originating in China, and I frequently have to filter out comments on Ask Leo! which are clearly spam or scam attempts that also originate there.
China has an incredibly large number of people connected to the internet, but apparently with that comes both the bad and the good.
Why would they want to attack you?
I’m thinking that they don’t. At least not as an individual. (Unless you have some reason to be of specific interest to them, of course, which is unlikely in general.)
It’s much more likely that they’re doing the “standard” thing that worms and other network attacks do: they simply try to attack everyone. This means that they simply start with an IP address, see if there’s a computer there and then see if that computer is vulnerable to attack. If it is, they attack it.
When they’re done with that IP address they simply move on to the next.
Very slowly they try to attack every computer on the internet. I’m guessing that they actually prioritize certain IP address blocks – like say “the United States” – but regardless of where they start, it’s pretty much a case where they’re simply trying to attack everyone, not just you.
It was just your turn to get probed.
We also need to talk briefly about what it means to be attacked, or what their intentions are if they do breach your system.
Once again, unless you’re somehow a person of interest to the attackers they’re probably not after anything specific about you – though of course if they were successful I suppose they could end up groveling around within your computer looking for passwords and accounts and other information for identity theft purposes.
What’s more likely is that they simply want to install a ‘bot, and add your computer to the zombie network of spam-sending machines out on the internet. Or whatever else a botnet might be used for.
How would you prevent the attack?
Well, you can’t control other people, so you’re not going to prevent the attack, but you can certainly prevent it from being successful.
As you already have.
The fact that Kaspersky alerted you means that it detected and prevented the attack. You’re done. You’re safe. Nothing to see here, move on.
In general, this is exactly why you need a firewall – these types of attacks are stopped cold by a NAT Router, or a properly configured software firewall.
That, and making sure that your machine’s software is up-to-date, is all you need.
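As an added illustration (not part of the original article), here is a short Python script that reads firewall log lines and shows why a blocked probe is usually background scanning rather than personal attention. The log format, the sample lines and the function names are constructed for this example; real firewall logs, Kaspersky's included, look different.

```python
import re
from collections import defaultdict

# Constructed sample lines in a made-up format; real firewall logs differ.
SAMPLE_LOG = """\
2024-06-12T09:14:03 BLOCK IN src=203.0.113.10 dport=445 proto=TCP
2024-06-12T09:14:41 BLOCK IN src=198.51.100.23 dport=445 proto=TCP
2024-06-12T09:20:17 BLOCK IN src=192.0.2.77 dport=445 proto=TCP
2024-06-12T09:31:55 BLOCK IN src=203.0.113.10 dport=445 proto=TCP
2024-06-12T10:02:09 BLOCK IN src=192.0.2.140 dport=23 proto=TCP
2024-06-12T10:05:30 ALLOW IN src=198.51.100.200 dport=3389 proto=TCP
""".splitlines()

LINE_RE = re.compile(r"^(\S+) (BLOCK|ALLOW) IN src=(\S+) dport=(\d+) proto=(\S+)$")

def parse(lines):
    """Yield (action, src, dport) for each well-formed inbound entry."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # skip malformed lines instead of crashing
            yield m.group(2), m.group(3), int(m.group(4))

def summarize(lines, min_sources=3):
    """Split inbound probes into background noise and entries worth review."""
    blocked = defaultdict(set)   # port -> distinct sources that were stopped
    allowed = []                 # unsolicited inbound that got through
    for action, src, dport in parse(lines):
        if action == "BLOCK":
            blocked[dport].add(src)
        else:
            allowed.append((src, dport))
    # Many unrelated sources hitting one port is internet-wide scanning,
    # not interest in this particular machine.
    background = sorted(p for p, s in blocked.items() if len(s) >= min_sources)
    return {"background_ports": background,
            "blocked_sources": {p: len(s) for p, s in blocked.items()},
            "allowed_inbound": allowed}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("ports probed by many sources:", report["background_ports"])
    print("distinct blocked sources per port:", report["blocked_sources"])
    print("inbound connections that were allowed:", report["allowed_inbound"])
```

Everything counted under blocked was stopped by the firewall; the entries under allowed_inbound are the ones worth a closer look.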