Someone connected Windows XP to the internet, and it didn't survive long
xda-developers.com

The article is commentating on this video: https://www.youtube.com/watch?v=6uSVVCmOH5w
FTA:
> As Eric explains, you don't even need to browse the internet to catch something nasty on a Windows XP machine. Hackers can use tools to scan the web for computers running vulnerable operating systems. And once they locate one (like someone going online with a decades-old operating system, for instance), they immediately begin bombarding it with viruses. Sure enough, Eric leaves the system "to cook" for a few minutes, and once he returns, there are tell-tale signs in the Task Manager that something nasty has gotten in.
> Granted, Eric turned off the firewall on Windows XP before he started the experiment, but we have a sneaking suspicion that a security suite that hasn't been updated for at least a decade doesn't have much chance against modern tactics.
How would they have located or infected the machine, with no user activity, had the firewall been left on, or even if the box had just been behind a NAT router? Running that experiment might prove much less interesting. I've run many Windows XP VMs in recent years on firewalled networks without incident.
Alright, so the claim is that "hackers" are constantly scanning the internet in search of vulnerable systems, and a few minutes is enough for the "hackers" to find it and infect it. There are more than 4.3 billion IPv4 addresses; assuming a probe takes like 10 seconds to identify the IP, it would take more than 1000 years to scan all of the internet. Even if you use a distributed botnet it would be like finding a needle in a haystack. Ok, let's ignore that and assume they found the XP machine. Typical viruses and Trojans require the user to download and execute an infected file, but this assumes unattended infection. Not saying it's impossible, as there are exploits that can open a back door, but dedicating so much time and effort to hack an old machine that is not a high-profile target seems unlikely.
In 2019, Microsoft released a patch for WinXP because there was a remote code execution vulnerability, and there were enough WinXP machines still around to make this a big deal. A machine without this one patch would still be immediately vulnerable.
Was this remotely exploitable with the firewall on (the default setting) and no user activity? Would love to learn more if you have any details or links - thank you.
https://krebsonsecurity.com/2019/05/microsoft-patches-wormab...
Looks like I misread and this requires RDP to be enabled, which is not the default. But it was pretty common, Rob Graham counted almost one million hosts. https://blog.erratasec.com/2019/05/almost-one-million-vulner...
Thanks for the kind followup - I was on a bad mobile connection and couldn't dig around.
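As an added example (not code from the article, the video, or anyone in this thread), here is the kind of probe behind the "almost one million hosts" count mentioned above: it sends one X.224 Connection Request to port 3389 and reads what the server negotiates, which tells you whether RDP is exposed at all and whether it demands NLA. It does not test for any vulnerability. The wire layout and the protocol and failure-code values follow MS-RDPBCGR; the sample replies are constructed, not captured from real hosts; and the reading of a bare Connection Confirm as "server predates protocol negotiation, standard RDP security only" is how pre-Vista RDP servers typically answer, stated here as an assumption.

```python
"""Probe a host for RDP and report the security it negotiates.

Added example; wire formats per MS-RDPBCGR (TPKT + X.224 CR/CC with an
rdpNegReq/rdpNegRsp). Sample replies below are constructed.
"""
import socket
import struct
import sys

TPKT_VERSION = 3
X224_CR = 0xE0                 # Connection Request
X224_CC = 0xD0                 # Connection Confirm (low nibble is the CDT field)
NEG_REQ, NEG_RSP, NEG_FAILURE = 0x01, 0x02, 0x03
PROTOCOL_RDP, PROTOCOL_SSL, PROTOCOL_HYBRID = 0x0, 0x1, 0x2

PROTOCOL_NAMES = {
    PROTOCOL_RDP: "standard RDP security (no TLS, no NLA)",
    PROTOCOL_SSL: "TLS",
    PROTOCOL_HYBRID: "CredSSP (NLA)",
}
FAILURE_NAMES = {
    1: "SSL_REQUIRED_BY_SERVER", 2: "SSL_NOT_ALLOWED_BY_SERVER",
    3: "SSL_CERT_NOT_ON_SERVER", 4: "INCONSISTENT_FLAGS",
    5: "HYBRID_REQUIRED_BY_SERVER", 6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}


def build_connection_request(requested=PROTOCOL_SSL | PROTOCOL_HYBRID):
    """X.224 CR carrying an rdpNegReq that offers the given protocols."""
    neg_req = struct.pack("<BBHI", NEG_REQ, 0, 8, requested)
    # LI counts bytes after itself: code(1) dst-ref(2) src-ref(2) class(1) + rdpNegReq
    x224 = struct.pack(">BBHHB", 6 + len(neg_req), X224_CR, 0, 0, 0) + neg_req
    return struct.pack(">BBH", TPKT_VERSION, 0, 4 + len(x224)) + x224


def parse_connection_confirm(data):
    """Interpret the server's reply as a dict; raise ValueError if it is not RDP."""
    if len(data) < 11:
        raise ValueError("reply too short for TPKT + X.224 CC")
    version, _, tpkt_len = struct.unpack(">BBH", data[:4])
    if version != TPKT_VERSION or tpkt_len != len(data):
        raise ValueError("not a well-formed TPKT frame")
    li, code = data[4], data[5]
    if code & 0xF0 != X224_CC:
        raise ValueError("X.224 code 0x%02x is not a Connection Confirm" % code)
    result = {"rdp": True, "negotiation": None, "selected": None, "failure": None}
    body = data[11:5 + li]
    if len(body) < 8:
        # Bare CC with no rdpNegRsp: assumed to be a server that predates
        # protocol negotiation and therefore only does standard RDP security.
        result["negotiation"] = "none"
        result["selected"] = PROTOCOL_RDP
        return result
    ntype, _flags, nlen, value = struct.unpack("<BBHI", body[:8])
    if nlen != 8:
        raise ValueError("unexpected negotiation structure length %d" % nlen)
    if ntype == NEG_RSP:
        result["negotiation"], result["selected"] = "response", value
    elif ntype == NEG_FAILURE:
        result["negotiation"], result["failure"] = "failure", value
    else:
        raise ValueError("unknown negotiation type 0x%02x" % ntype)
    return result


def describe(result):
    """One-line human summary of a parsed reply."""
    if result["negotiation"] == "failure":
        name = FAILURE_NAMES.get(result["failure"], "code %d" % result["failure"])
        return "RDP listening; server refused offered protocols: %s" % name
    name = PROTOCOL_NAMES.get(result["selected"], "protocol 0x%x" % result["selected"])
    return "RDP listening; %s" % name


def probe_rdp(host, port=3389, timeout=3.0):
    """Send one CR and parse the reply. Touches the network: only aim at hosts you own."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        sock.sendall(build_connection_request())
        reply = sock.recv(64)
    return parse_connection_confirm(reply)


# Constructed replies (not captured from any real host) for offline use.
SAMPLE_RESPONSES = {
    "legacy": bytes.fromhex("0300000b06d00000123400"),                       # bare CC
    "nla": bytes.fromhex("030000130ed000001234000200080002000000"),           # selects CredSSP
    "nla_required": bytes.fromhex("030000130ed000001234000300080005000000"),  # HYBRID_REQUIRED
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(describe(probe_rdp(sys.argv[1])))
    else:
        for name, reply in SAMPLE_RESPONSES.items():
            print(name, "->", describe(parse_connection_confirm(reply)))
```

Run it with no arguments to see the three constructed replies decoded; pass a hostname to probe a machine you control. A "legacy" answer means the server never even offers TLS or NLA, which is the exposure profile the 2019 scans were counting, while "nla_required" means an unauthenticated client is turned away before the session is set up.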
I wonder how ReactOS does as it is Windows XP/2003 compatible?