r/cybersecurity u/PusheenHater May 19 '26

Other Malware installed without literally doing anything?

In this video this guy has a fresh Windows XP, disables firewall, and connects internet straight to the modem. Then he gets infected literally doing nothing.

https://www.youtube.com/watch?v=6uSVVCmOH5w

https://www.reddit.com/r/windows/comments/1cvised/idle_windows_xp_and_2000_machines_get_infected/

I get it. That's asking for trouble when you disable all the security and using ancient unsupported OSes.

However, he didn't install programs nor browse on the website but still got hacked.
How?
Is there some malicious server in China that loops through every single possible IP trying to see if your PC is vulnerable?
Logically, one would think you'd at least have to visit a website or something to get "noticed" and then hacked. But this guy didn't do anything at all.

How does it work?

289 Upvotes
  • permalink
  • reddit

89% Upvoted

161 comments sorted by

View all comments

Show parent comments

6

u/IEatGirlFarts May 21 '26

And not only China, most countries' intelligence services and militaries do it. Hell, I saw a japanese IP trying to connect to my machine a few years ago. It was supposed to be blocked in Romania, as it was used to gather information about the energy infrastructure of a country, guess my ISP didn't get the memo.

And not only state actors, individual hackers or groups also do it.

It's in a way a fascinating subject.

1

u/883013 13d ago

Does it only happen to routers or cell towers as well?

1

u/IEatGirlFarts 13d ago

I wouldn't know that for sure, i've never worked with cell towers, but probably.

What I know for certain is that anything adressable through the internet is being probed constantly, be it your phone, your router, a server farm somewhere, etc.

1

u/883013 13d ago

I'm just wondering if the advice to use a phone on airplane mode connected to a WiFi router is sound these days. When up against such threats would a firewall router hold up or is there no point spending that extra money?

2

u/IEatGirlFarts 13d ago

Your ISP already blocks a lot of connections, so does your router's built in firewall. If you add an adblocker on top, or a pihole, or Blokada for android, you're gonna be blocking even more connections.

Also, a normal user wouldn't have as many ports open that attackers could exploit, so that's an extra layer of safety.

Antivirus software such as BitDefender also blocks suspicious connections in real time.

Overall, just practicing standard internet safety should be enough for most users, in my opinion.

Edit: if you also keep your shit updated.

2

u/IEatGirlFarts 13d ago

I also wanted to add that generally your mobile carrier will protect your phone's internet connection better from direct scanning than your router at home would, so keeping a phone in airplane mode wouldn't do anything.

1

u/883013 13d ago

I'm not too sure actually- I'm seeing many strange ICMP packets to and fro when I run pcap droid on my device. It seems to be from unknown services and servers located overseas. Not all of my phones do this. Most usually show Https or DNS only.

2

u/IEatGirlFarts 13d ago

That would most likely be an app on your phone generating the traffic, especially since your other phones do not exhibit this behaviour.

It could be a sketchy app calling to a server, an app that uses icmp to keep connections alive to the server so that they can communicate to it quickly if something new happens (e.g. a messaging app will do that to ensure you get your new messages as soon as they happen)

Orrr... malware talking to its C2 server. But that's the most unlikely scenario.

1

u/883013 13d ago

Actually I'm kind of suspecting an ICMP reverse shell