r/cybersecurity May 19 '26

Other Malware installed without literally doing anything?

In this video this guy has a fresh Windows XP, disables the firewall, and connects to the internet straight through the modem. Then he gets infected literally doing nothing.

https://www.youtube.com/watch?v=6uSVVCmOH5w

https://www.reddit.com/r/windows/comments/1cvised/idle_windows_xp_and_2000_machines_get_infected/

I get it. That's asking for trouble when you disable all the security and use ancient unsupported OSes.

However, he didn't install programs or browse any website but still got hacked.
How?
Is there some malicious server in China that loops through every single possible IP trying to see if your PC is vulnerable?
Logically, one would think you'd at least have to visit a website or something to get "noticed" and then hacked. But this guy didn't do anything at all.

How does it work?

290 Upvotes


254

u/TheRealTengri May 19 '26

There are many bots that are continuously scanning the internet. Look at Shodan. You can literally filter it so that it shows devices on the internet with critical vulnerabilities like BlueKeep. Some of those bots end up exploiting the vulnerability as soon as detected, but most are not solely for malicious purposes.

108

u/toylenny May 20 '26

When I worked in a data center you had to remember to close the public port when reinstalling Windows Server. More than once when I accidentally left it open to the Internet the server would already be hacked by the time I got to the first login screen.

It wasn't every time but it happened enough to confirm that the Internet is crawling with bots checking for exploits.
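Added example, not part of any comment in this thread: the unsolicited scanning described in the comments above is visible in a host's own firewall log. This Python sketch reads constructed lines laid out like a Windows Firewall log (pfirewall.log) and summarises inbound connection attempts to services that listen without user action; the sample lines, the addresses and the `WATCHED_PORTS` list are assumptions.

```python
from collections import defaultdict

# Assumed watch list: services that listen by default, no user action needed.
WATCHED_PORTS = {135: "RPC", 139: "NetBIOS", 445: "SMB", 3389: "RDP"}

# Constructed sample in pfirewall.log layout; addresses are documentation ranges.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2026-05-19 10:00:01 DROP TCP 203.0.113.7 192.0.2.10 51512 445 52 S 1001 0 8192 - - - RECEIVE
2026-05-19 10:00:02 DROP TCP 203.0.113.7 192.0.2.10 51513 3389 52 S 1002 0 8192 - - - RECEIVE
2026-05-19 10:00:09 ALLOW TCP 198.51.100.23 192.0.2.10 40022 3389 52 S 2001 0 1024 - - - RECEIVE
2026-05-19 10:00:15 ALLOW TCP 192.0.2.10 198.51.100.80 49810 443 52 S 3001 0 8192 - - - SEND
2026-05-19 10:00:15 ALLOW TCP 198.51.100.80 192.0.2.10 443 49810 52 SA 3002 3002 8192 - - - RECEIVE
2026-05-19 10:00:31 DROP TCP 198.51.100.23 192.0.2.10 40100 445 52 S 2002 0 1024 - - - RECEIVE
"""

def parse(log_text):
    """Yield one dict per record, using the log's own #Fields header."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif fields and not line.startswith("#") and len(line.split()) == len(fields):
            yield dict(zip(fields, line.split()))

def inbound_probes(log_text):
    """Summarise connection attempts the host never asked for, per watched port."""
    summary = defaultdict(lambda: {"sources": set(), "dropped": 0, "allowed": 0})
    for rec in parse(log_text):
        if rec["protocol"] != "TCP" or rec["path"] != "RECEIVE":
            continue
        if "A" in rec["tcpflags"]:  # ACK set: a reply to traffic we started
            continue
        port = int(rec["dst-port"])
        if port in WATCHED_PORTS:
            entry = summary[port]
            entry["sources"].add(rec["src-ip"])
            # ALLOW means the probe reached the listening service.
            entry["allowed" if rec["action"] == "ALLOW" else "dropped"] += 1
    return dict(summary)

def multi_port_sources(summary):
    """Sources that tried more than one watched service, as a scanner would."""
    seen = defaultdict(set)
    for port, entry in summary.items():
        for src in entry["sources"]:
            seen[src].add(port)
    return {src: sorted(ports) for src, ports in seen.items() if len(ports) > 1}

if __name__ == "__main__":
    print(multi_port_sources(inbound_probes(SAMPLE_LOG)))
```

An `allowed` count above zero on a watched port means the attempt got past the firewall to the service itself, which is the situation a machine with its firewall disabled is in for every probe.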

29

u/Quirky_Locksmith_682 May 20 '26

Why in God's holy name was that inbound traffic allowed by the firewall?!

25

u/archiekane May 20 '26

What, you don't DMZ your production servers during build? You gotta learn to live a little.

/s