Windows XP SP1 Honeypot Breached In 200 Seconds

The internet is becoming a scarier and scarier place.

In a recent “honeypot” study, a Windows XP computer with Service Pack 1 was infiltrated in just 200 seconds, without even opening a web browser.

For the less techie-minded, a “honeypot” study involves setting up a new PC with a new operating system (in this case, a Windows XP SP1 machine) and connecting it directly to the internet to see how it is attacked and to what end. In this case, all they did was connect said computer to the internet… and less than four minutes later, it had been compromised by an attacker. Within half an hour, it was receiving instructions to act as a bridge to attack other computers.

Four minutes isn’t long enough to download and install ZoneAlarm. It certainly isn’t long enough to install Service Pack 2. And all across the globe, newbie PC users are buying off-the-shelf computers with no firewall, taking them home, and connecting them to the internet, basically ‘volunteering’ their computers and their bandwidth to be zombies and attack others around the world, relay spam, or share their files with anybody, anywhere.

If anybody needs help securing their system, just give me a shout.

8 replies to Windows XP SP1 Honeypot Breached In 200 Seconds

  1. I’m assuming I’m safe over here, right? Got me a Zone Alarm Pro and (I assume) some species of AberNet firewall floating ’round behind the network…?

  2. Mmm.. the Stunet firewall isn’t bad. You’re probably more at risk from other students….

  3. Anonymous is right – while the AberNet firewall will do a great job (in fact, a perfect job) of protecting you from any inbound attack (although it doesn’t save you from e-mail borne virii or web browser vulnerabilities, for example), your greatest risk comes from students on the network. And they don’t even have to be deliberately doing it!

    If any of the students on the network connects to the internet at home, it’s quite possible for their PC to still be carrying malicious code when it’s brought to Aber. And, here, there’s nothing to stop that code from then trying to attack other stunet computers – particularly ones on the same subdomain (e.g. PJM).

    ZoneAlarm does a fantastic job of protecting Windows from these kinds of attacks. In the honeypot survey done, above, the machine with Windows XP and ZoneAlarm remained uninfected after two weeks of sitting there on the ‘net, inviting attack.

    Vigilance.
