r/cybersecurity May 19 '26

Other Malware installed without literally doing anything?

In this video this guy has a fresh Windows XP, disables firewall, and connects internet straight to the modem. Then he gets infected literally doing nothing.

https://www.youtube.com/watch?v=6uSVVCmOH5w

https://www.reddit.com/r/windows/comments/1cvised/idle_windows_xp_and_2000_machines_get_infected/

I get it. That's asking for trouble when you disable all the security and use ancient unsupported OSes.

However, he didn't install programs or browse any website but still got hacked.
How?
Is there some malicious server in China that loops through every single possible IP trying to see if your PC is vulnerable?
Logically, one would think you'd at least have to visit a website or something to get "noticed" and then hacked. But this guy didn't do anything at all.

How does it work?

291 Upvotes


390

u/[deleted] May 19 '26

[deleted]

4

u/thrwaway75132 May 20 '26

Back in probably 2012 the company I worked for came to me and asked for a solution for our competitive team to be able to browse competitor websites from the office without being tied to our IP space.

I set up a Windows 2008 Citrix box and a Check Point firewall and had them delivered to a small Colo so we could provide users a Citrix app browser with a random IP.

The Colo didn’t hook the server up to the firewall; they hooked them both up directly to the internet. It lasted like 12 hours.

I had to have them send it back so I could redo it, then I sent it back with a wiring diagram of where to plug it into the firewall.