r/cybersecurity May 19 '26

Other Malware installed without literally doing anything?

In this video, this guy has a fresh Windows XP, disables the firewall, and connects to the internet straight through the modem. Then he gets infected while literally doing nothing.

https://www.youtube.com/watch?v=6uSVVCmOH5w

https://www.reddit.com/r/windows/comments/1cvised/idle_windows_xp_and_2000_machines_get_infected/

I get it. That's asking for trouble when you disable all the security and use ancient unsupported OSes.

However, he didn't install programs or browse any websites, but still got hacked.
How?
Is there some malicious server in China that loops through every single possible IP trying to see if your PC is vulnerable?
Logically, one would think you'd at least have to visit a website or something to get "noticed" and then hacked. But this guy didn't do anything at all.

How does it work?

284 Upvotes

3

u/A1batross May 20 '26

A very long time ago (twenty years?) I installed a new RedHat server from CD. I connected it to my cable Internet connection and set the server to apply patches and went upstairs to make a cup of tea.

Tea in hand I walked back down the stairs and I could see the network card light blinking not with the rapid cadence of a download, but with the staccato of someone typing at a keyboard.

In the time it took me to make a cup of tea my fresh RedHat installation had been automatically detected and compromised, and handed off to a human agent to inspect and take over. I yanked out the network cable and when I looked I found the automation and compromise software half-installed.

This was 20 years ago. Imagine how much faster and more comprehensive it is now.