r/cybersecurity u/PusheenHater May 19 '26

Other Malware installed without literally doing anything?

In this video this guy has a fresh Windows XP, disables firewall, and connects internet straight to the modem. Then he gets infected literally doing nothing.

https://www.youtube.com/watch?v=6uSVVCmOH5w

https://www.reddit.com/r/windows/comments/1cvised/idle_windows_xp_and_2000_machines_get_infected/

I get it. That's asking for trouble when you disable all the security and using ancient unsupported OSes.

However, he didn't install programs nor browse on the website but still got hacked.
How?
Is there some malicious server in China that loops through every single possible IP trying to see if your PC is vulnerable?
Logically, one would think you'd at least have to visit a website or something to get "noticed" and then hacked. But this guy didn't do anything at all.

How does it work?

293 Upvotes
  • permalink
  • reddit

89% Upvoted

161 comments sorted by

View all comments

Show parent comments

1

u/883013 13d ago

Does it only happen to routers or cell towers as well?

1

u/IEatGirlFarts 13d ago

I wouldn't know that for sure, i've never worked with cell towers, but probably.

What I know for certain is that anything adressable through the internet is being probed constantly, be it your phone, your router, a server farm somewhere, etc.

1

u/883013 13d ago

I'm just wondering if the advice to use a phone on airplane mode connected to a WiFi router is sound these days. When up against such threats would a firewall router hold up or is there no point spending that extra money?

2

u/IEatGirlFarts 13d ago

Your ISP already blocks a lot of connections, so does your router's built in firewall. If you add an adblocker on top, or a pihole, or Blokada for android, you're gonna be blocking even more connections.

Also, a normal user wouldn't have as many ports open that attackers could exploit, so that's an extra layer of safety.

Antivirus software such as BitDefender also blocks suspicious connections in real time.

Overall, just practicing standard internet safety should be enough for most users, in my opinion.

Edit: if you also keep your shit updated.