Thread: Compromised in 60 Seconds

  1. #1 Junior Member (Join Date: Jan 2010, Posts: 66)

    Compromised in 60 Seconds

    So, I decided to fire up one of my older laptops and install Win2000 on it. I thought maybe I'd make it into a Privoxy box. I know, I know, I can do that in Linux, but don't worry, keep reading. It was running Linux before, so this is a fresh install.

    I got Windows 2000 installed, then I went and downloaded SP4 from Microsoft. I'm running the service pack install and it first tells me a debugger is running and to shut it down. Flag 1. Then later it tells me it can't continue because FTP.exe is running. Flag 2. I pull the ethernet jack and reboot, thinking I did something wrong. Who knows, I've been known to screw up once in a while.

    I boot it back up and I notice it's now got some executable with a maroon and black German cross sitting in the root directory!

    The plot thickens.

    I start poking around and think, what the hell, I click on the icon. Nothing happens. I try the service pack again, same error. I reboot. This time a modem dialer runs and it wants to dial out. No thank you.

    I decide to go and get PsTools and see what's going on. Holy crap. I've got a dozen or so system connections to various other computers. I go and get Spybot and AVG and boot into safe mode.


    List of Items:
    1 modem dialer program
    mdm.exe Trojan
    staff[1].exe Trojan
    FTP.exe trojan generic_c.kr
    Backdoor.Win32.SdBot.bkx
    Zedo cookies
    various registry disables (from trojans)

    Lessons Learned:

    NEVER put a Windows machine onto a network naked. At the bare minimum, put it behind a router. It took 60 seconds for this machine to turn into a zombie. It's now got Linux on it. Don't get bit.

  2. #2 Senior Member PrairieFire (Join Date: Apr 2007, Posts: 705)

    What happened to: "I think I'll put it back on the network to let it see how bad it gets."
    Μολὼν λαβέ - Great spirits encounter heavy opposition from mediocre minds.

  3. #3 Junior Member (Join Date: Jan 2010, Posts: 66)

    Quote Originally Posted by PrairieFire View Post
    What happened to: "I think I'll put it back on the network to let it see how bad it gets."
    I decided that, with all the connections to other machines on the DSL it was making, and since I needed the ethernet cable for my main machine to surf porn, I'd wait till I get my network set back up before I try it again, with a different machine.

    I need this machine for my Privoxy box, so I'll be trying it again in a more scientific manner, i.e., I want to have Wireshark running on the network to be able to see it happen.

  4. #4 Developer (Join Date: Mar 2007, Posts: 6,126)

    Sorry man. I didn't know that was your computer. Honest!!

  5. #5 Junior Member cyberconsole (Join Date: Aug 2007, Posts: 57)

    That's insane, man. I can't believe there is that much stuff out there just floating around hunting for machines to exploit.
    There's no fate but what we make for ourselves.

    -I already know I cant spel-

  6. #6 Junior Member unix_r00ter (Join Date: Feb 2007, Posts: 64)

    I was called over to a friend's house last year to help him out with his new XP machine, which he was using for music production. He downloaded some drivers for his MIDI keyboard, then disconnected from the net as he didn't want ANY internet on it.

    However, he reported it was slow, which was strange considering it was high spec and just outta the box. Upon inspection it had A LOT of dodgy processes which were taking the CPU usage up to 100%.

    It's really shocking how quick this happens.

  7. #7 Member imported_Deathray (Join Date: Oct 2007, Posts: 381)

    beakmyn: Are you crazy? :b Putting a Windows box with no updates on the internet?? Well, you wouldn't have had that problem if the computer was at least sitting behind NAT.

    I recall reading an article that stated there was an average of 3 minutes before XP was infected with malware... So it's not even just bad luck. This is the case for anyone with common vulnerabilities on Windows.

    Quote Originally Posted by cyberconsole View Post
    That's insane, man. I can't believe there is that much stuff out there just floating around hunting for machines to exploit.
    That just made me think about IPv6.

    wikipedia.org
    IPv6 supports 2^128 (about 3.4×10^38) addresses, or approximately 5×10^28 addresses for each of the roughly 6.5 billion people alive today.
    That must mean once IPv6 becomes a reality for average Joe, that he won't risk being infected by random zombies?

    Or will the bad guys begin to "sell" IPs with recent activity?
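    The question above is answerable with a small expected-value model. This is an added example, not code from the thread: it takes the address-space and population figures from the quoted Wikipedia text and an assumed (constructed) probe rate of one million random probes per second, and compares how long a uniformly random scanner needs to land on one live host in IPv4 versus IPv6.

    ```python
    """Added example: odds of a random-scanning worm finding a host in IPv4 vs IPv6.

    Address-space and population figures come from the Wikipedia text quoted in
    the post; the scanner probe rate below is an assumed, constructed value.
    """

    IPV4_SPACE = 2 ** 32
    IPV6_SPACE = 2 ** 128
    WORLD_POPULATION = 6_500_000_000          # figure used in the quoted text
    SECONDS_PER_YEAR = 365.25 * 24 * 3600


    def addresses_per_person(space: int, population: int = WORLD_POPULATION) -> float:
        """Addresses available per person (the ~5e28 figure in the quote)."""
        return space / population


    def expected_probes_to_hit(space: int, targets: int = 1) -> float:
        """Expected number of uniformly random probes before one lands on any of
        `targets` live addresses in `space`.  Each probe succeeds with
        probability targets/space, so the wait is geometric with mean
        space/targets."""
        return space / targets


    def expected_years_to_hit(space: int, probes_per_second: float, targets: int = 1) -> float:
        """Expected wall-clock time, in years, for a scanner sending
        `probes_per_second` random probes to hit one of `targets` hosts."""
        return expected_probes_to_hit(space, targets) / probes_per_second / SECONDS_PER_YEAR


    def compare(probes_per_second: float = 1_000_000.0) -> dict:
        """Side-by-side figures for a single target host.  The default rate of
        1e6 probes/s is an assumed (constructed) value, not a measurement."""
        return {
            "ipv4_years": expected_years_to_hit(IPV4_SPACE, probes_per_second),
            "ipv6_years": expected_years_to_hit(IPV6_SPACE, probes_per_second),
            "ipv6_addresses_per_person": addresses_per_person(IPV6_SPACE),
        }


    if __name__ == "__main__":
        r = compare()
        print(f"IPv4: ~{r['ipv4_years'] * SECONDS_PER_YEAR:.0f} s until a random probe hits the host")
        print(f"IPv6: ~{r['ipv6_years']:.2e} years for the same scanner")
        print(f"IPv6 addresses per person: ~{r['ipv6_addresses_per_person']:.2e}")
    ```

    The IPv4 figure comes out to roughly an hour, the IPv6 figure to about 10^25 years, which is the difference the post is asking about: blind random probing stops being a practical way to find hosts, although the model says nothing about hosts whose addresses are learned some other way.
    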

  8. #8 Member (Join Date: Aug 2007, Posts: 468)

    This is why I loved AutoPatcher: you could install all of the current patches and tweaks onto Windows before you even put it on the network.
    I had it streamlined into all my Windows install .isos.

    It went offline due to Microsoft threatening to sue after Microsoft changed the EULA to only allow patches to be downloaded from their own servers.
    I think there may be a new version out that does not come with the updates/patches but downloads them directly from MS. I will have to look into it to see if you can still download them and then run it 100% offline.

  9. #9 Junior Member (Join Date: Jan 2010, Posts: 66)

    Quote Originally Posted by Deathray View Post
    beakmyn: Are you crazy? :b Putting a Windows box with no updates on the internet?? Well, you wouldn't have had that problem if the computer was at least sitting behind NAT.

    I recall reading an article that stated there was an average of 3 minutes before XP was infected with malware... So it's not even just bad luck. This is the case for anyone with common vulnerabilities on Windows.

    That just made me think about IPv6.

    That must mean once IPv6 becomes a reality for average Joe, that he won't risk being infected by random zombies?

    Or will the bad guys begin to "sell" IPs with recent activity?
    Yes, I am crazy and I'll do it again. In fact, I'm going to set up a honeypot on my wifi and see how long it takes.

  10. #10 Member (Join Date: Aug 2007, Posts: 468)

    Why did you install 2K in the first place?

    If it had to be Windows, 2K3 is a better choice, or for Linux, CentOS or Slackware.

    Quote Originally Posted by beakmyn View Post
    Yes, I am crazy and I'll do it again. In fact, I'm going to set up a honeypot on my wifi and see how long it takes.
