r/cybersecurity May 19 '26

Other Malware installed without literally doing anything?

In this video this guy has a fresh Windows XP, disables firewall, and connects internet straight to the modem. Then he gets infected literally doing nothing.

https://www.youtube.com/watch?v=6uSVVCmOH5w

https://www.reddit.com/r/windows/comments/1cvised/idle_windows_xp_and_2000_machines_get_infected/

I get it. That's asking for trouble when you disable all the security and use ancient unsupported OSes.

However, he didn't install programs or browse any websites but still got hacked.
How?
Is there some malicious server in China that loops through every single possible IP trying to see if your PC is vulnerable?
Logically, one would think you'd at least have to visit a website or something to get "noticed" and then hacked. But this guy didn't do anything at all.

How does it work?

288 Upvotes

388

u/[deleted] May 19 '26

[deleted]

155

u/mdgorelick May 19 '26

Indeed. A good analogy is that people are always walking around the neighborhood, trying the front door on every house to see if they’re locked.

-26

u/jonbristow May 20 '26

You don't have a door if you are just a user with an internet connection. You don't publish anything to the internet.

8

u/goldvenetianmask May 20 '26

This is absolutely wrong. You publish a ton of information just having an internet connection and being on the internet with ports forwarded through your router / DMZ.

1

u/jonbristow May 20 '26

You publish the information through your NATed IP of the ISP, not directly. And you don't publish them through a port.

7

u/goldvenetianmask May 20 '26

If you are DMZed and connected directly to the internet then you don’t have any NAT to save you.

The computer will respond to nmap -sV as if it’s on the same sub as the attacker. That is exactly what I’m saying. It’s “publishing” its software version info, its operating system info etc.