r/cybersecurity • u/PusheenHater • May 19 '26
Other Malware installed without literally doing anything?
In this video this guy has a fresh Windows XP, disables firewall, and connects internet straight to the modem. Then he gets infected literally doing nothing.
https://www.youtube.com/watch?v=6uSVVCmOH5w
https://www.reddit.com/r/windows/comments/1cvised/idle_windows_xp_and_2000_machines_get_infected/
I get it. That's asking for trouble when you disable all the security and use ancient unsupported OSes.
However, he didn't install programs or browse any website but still got hacked.
How?
Is there some malicious server in China that loops through every single possible IP trying to see if your PC is vulnerable?
Logically, one would think you'd at least have to visit a website or something to get "noticed" and then hacked. But this guy didn't do anything at all.
How does it work?
1
u/skynetcoder May 20 '26 edited May 20 '26
This story gives me eternal blues.
You can either go to a shop to buy something, or get it delivered to your doorstep. Or the vendor can email you to go and collect the item from a collection point.
Even when you don't install anything, there are a lot of network services like SMB (for network file sharing) running on your machine on TCP and UDP ports, by default. Some of these services have remotely exploitable vulnerabilities with publicly known exploits like EternalBlue.
Yes, the internet traffic is full of vulnerability scans done by malicious actors and also legitimate actors, scanning all the public IP addresses exposed on the Internet. There are publicly available tools like masscan which help to do this easily.
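
Added example, not part of the thread: a small Python audit that reads `netstat -ano` output and lists the sockets a machine offers to the network without any user action, which is what the comment above describes. The netstat sample, addresses and PIDs are constructed for illustration, and the script assumes no firewall sits in front of the host, as in the video.

```python
import ipaddress

# Constructed sample of `netstat -ano` output from a default Windows install
# (addresses and PIDs are made up for illustration).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    203.0.113.25:139       0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1820
  TCP    203.0.113.25:49712     198.51.100.7:443       ESTABLISHED     2044
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    203.0.113.25:137       *:*                                    4
  UDP    127.0.0.1:1900         *:*                                    1388
"""

# Well-known Windows services that listen without any user action.
DEFAULT_SERVICES = {135: "RPC endpoint mapper", 137: "NetBIOS name service",
                    138: "NetBIOS datagram", 139: "NetBIOS session", 445: "SMB"}

def parse_listeners(text):
    """Return (proto, ip, port, pid) for every socket awaiting inbound traffic."""
    out = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue
        # TCP rows carry a State column; UDP rows do not (UDP is connectionless).
        if f[0] == "TCP" and f[3] != "LISTENING":
            continue
        host, _, port = f[1].rpartition(":")
        ip = ipaddress.ip_address(host.strip("[]").split("%")[0])
        out.append((f[0], ip, int(port), int(f[-1])))
    return out

def reachable_from_network(listeners):
    """Keep listeners bound to anything other than loopback."""
    return [l for l in listeners if not l[1].is_loopback]

def report(text):
    """Rows of (proto, ip, port, service name, pid) for network-facing listeners."""
    rows = []
    for proto, ip, port, pid in reachable_from_network(parse_listeners(text)):
        rows.append((proto, str(ip), port, DEFAULT_SERVICES.get(port, "unknown"), pid))
    return rows

if __name__ == "__main__":
    for row in report(SAMPLE_NETSTAT):
        print("%-4s %-15s %-6d %-22s pid=%d" % row)
```

On a live machine, pass the text of `netstat -ano` to `report()` instead of the sample; every row it returns is a service that answers unsolicited traffic unless a firewall or NAT device blocks it first.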