Windows XP SP1 Honeypot Breached In 200 Seconds

The internet is becoming a scarier and scarier place.

In a recent “honeypot” study, a Windows XP computer with Service Pack 1 was infiltrated in just 200 seconds, without even opening a web browser.

For the less techie-minded, a “honeypot” study involves setting up a new PC with a new operating system (in this case, a Windows XP SP1 machine) and connecting it directly to the internet to see how it is attacked and to what end. In this case, all they did was connect said computer to the internet… and less than four minutes later, it had been compromised by an attacker. Within half an hour, it was receiving instructions to act as a bridge to attack other computers.

Four minutes isn’t long enough to download and install ZoneAlarm. It certainly isn’t long enough to install Service Pack 2. And all across the globe, newbie PC users are buying off-the-shelf computers with no firewall, taking them home, and connecting them to the internet, basically ‘volunteering’ their computers and their bandwidth to be zombies and attack others around the world, relay spam, or share their files with anybody, anywhere.

If anybody needs help securing their system, just give me a shout.

8 comments

  1. Strokeyadam says:

    Even though I don’t understand, this still seems exciting.

  2. JTA says:

    I’m assuming I’m safe over here, right? Got me a Zone Alarm Pro and (I assume) some species of AberNet firewall floating ’round behind the network…?

  3. Anonymous says:

    Mmm.. the Stunet firewall isn’t bad. You’re probably more at risk from other students….

  4. Dan Q says:

    Anonymous is right – while the AberNet firewall will do a great job (in fact, a perfect job) of protecting you from any inbound attack (although it doesn’t save you from e-mail borne viruses or web browser vulnerabilities, for example), your greatest risk comes from students on the network. And they don’t even have to be deliberately doing it!

    If any of the students on the network connects to the internet at home, it’s quite possible for their PC to still be carrying malicious code when it’s brought to Aber. And, here, there’s nothing to stop that code from then trying to attack other stunet computers – particularly ones on the same subdomain (e.g. PJM).

    ZoneAlarm does a fantastic job of protecting Windows from these kinds of attacks. In the honeypot survey done, above, the machine with Windows XP and ZoneAlarm remained uninfected after two weeks of sitting there on the ‘net, inviting attack.

    Vigilance.

  5. Jon says:

    Vigilance?

    No, Debian.

  6. Raz says:

    Yay for being a Mac user ;)

  7. The Pacifist says:

    Ehh.. the only reason Macs don’t get infected is ’cause nobody uses them! :)

  8. Dan Q says:

    They’re also BSD-based, these days. That counts heavily in their favour as far as security is concerned.
