
Connect your PC to the internet and you'll get infected! (on a



I often come across comments and sometimes publications that say that the mere act of having your computer connected to the internet means you will get infected on pre-NT6 OSes. I've even seen one notoriously dumb Microsoft "MVP" say this constantly on the Microsoft Answers forum and another one on another forum that I eventually got banned from because I asked another user to PM me the location of some malware he got himself infected with so I could play with it.

 

What is wrong with these people? I'm not saying it couldn't happen again but it's way past 2004. 



IMHO it is mainly FUD.

 

Of course, if you connect to the Internet "directly" (i.e. without a NAT AND with Windows firewall disabled/not configured), it may happen, BUT:

 

https://isc.sans.edu/diary/Survival+Time+on+the+Internet/4721

ISC reader Dr. Neal Krawetz deliberately exposed the management ports of several brands of cable modem / home router devices to the Internet to see if they would be compromised. Within the week that the experiment lasted, none of them were.

 

Everything originated AFAIK from this publication:

http://cayfer.bilkent.edu.tr/~cayfer/xpsurvivalguide.pdf

and from this Thesis:

http://pi1.informatik.uni-mannheim.de/filepool/theses/diplomarbeit-2007-itzel.pdf

 

I would say roughly 95% metropolitan legend, 5% facts.

 

jaclaz


The first publication is pre-2004, so at that time typical users were vulnerable. The second one, I can't read due to it being in what appears to be German.

I'll run it through a translator later and hope it makes it readable.


I have certainly seen PCs just become infected off the bat if connected to the internet with no AV or firewall. It is always due to special circumstances, such as in the early stages of a virus outbreak. The last time I've specifically seen this occur was during the first week of Conficker/Downadup before any patches were released.


HTTP/FTP/RDP ports still forwarded to my server. Software firewall allows HTTP/FTP from "any", RDP only set to "my own IP". Of course, the ports are usually closed (HTTP/FTP services must be started to be opened). Nada. ;)


> I have certainly seen PCs just become infected off the bat if connected to the internet with no AV or firewall. It is always due to special circumstances, such as in the early stages of a virus outbreak. The last time I've specifically seen this occur was during the first week of Conficker/Downadup before any patches were released.

I've seen it too but that was before 2004. It happened to me on occasion when I would forget to disconnect the network cable during setup. The setup would complete but Blaster caused some crashes during the process.

I had the ancient bridged DSL at the time so I was wide open. I must have run 100 Win2K setups during my "rip the guts out of it" project.

I bitched to my ISP about blocking all the port 135 traffic but it fell on deaf ears.

Edited by -X-

It's silly to assume that every PC that connects to the internet will get infected LOL, but people used to run port scanners... I remember when I was younger we used to just snoop around the internet trying to log into PCs with administrator and blank password. No intention of doing anything, just to see if we could be the next great hackers LOL (until I realised hackers are much smarter than this). I had a machine with Windows 2000 on it and it was infected with a virus. I had Norton AV on it, just not the XYZ patch that was needed to stop this exploit (I had just connected it to the internet via dialup). I believed someone might have port scanned this PC and then used a virus with an exploit geared to take advantage of my unpatched 2000 setup. I wonder if any of these new tethered smartphones have any kind of firewalling built in?

Edited by koganstyle

> I've seen it too but that was before 2004. It happened to me on occasion when I would forget to disconnect the network cable during setup. The setup would complete but Blaster caused some crashes during the process

Oh yeah, I forgot about Blaster, that was for a month or two. No way could you put a naked PC online, it would get infected right away. It was definitely a pain during deployment, so many machines would get infected in that short period of time between when the NIC got an IP and the firewall software got installed.


Yeah, that's what I meant by pre-2004. Remember Steve Gibson's DCOMbobulator? Also XP SP2 and its added firewall that would block that stuff was released in 04.

Edited by -X-

The virus I experienced was back in 2001ish before dcom rpc exploits became really common. I didn't believe in patches back then but you better believe I started patching after that scenario.
