Twenty Minute Infection
By: SmrtySsa
on Wednesday, March 2nd 2005 at 1:07pm
I read this article (the linked page now returns a 404) the other day and chuckled. Why? Because it's amusing. And I'm not being a Linux zealot either.
Today, I went onsite to set up Bell High Speed. I plugged it in, went online, hit Windows Update. Standard procedure. While waiting for the 30 megs of updates to come in, an IE window popped up. It then attempted to install some shit. Me being slightly intelligent, I knew enough to say "no" regardless of its "you must hit yes to continue!" requests. Sure enough, this Windows 2000 box was just injected with spyware. How exactly? I don't know, I don't get paid for forensics.
After my reboot from Windows Update I ran Ad-Aware and cleaned up the 20 pieces (data miners, and drone-bots!) and all was well. Except for the fact that there were no less than 150 incoming connections from other Bell High Speed customers, all "infected." They were all attempting to spread their goodness to any system that would accept it, and every one of them was generating a minimum of 20KB/s of traffic. It was like a swarm of evil bees coming for my lollipop.
It caught me by surprise, because normally when I set up a system it's done at home, where it's behind a firewall from the get-go. I was shocked. I've always read reports of how fast an "unprotected" system can get taken over, but this was the first time I'd witnessed it myself.
I was smilin' like a baby in a tittie bar.
I threw on Norton "Internet Security" and sacrificed whatever performance the machine may have had to the gods of insecurity. After my reboot from LiveUpdate and its 15 megs of downloads I looked at the logs of incoming connections and laughed. I still can't believe it. 20 minutes. Why wasn't Internet Security on first? Because there are conflicts with unpatched Windows boxes. That's why. Gotta update first to install NIS. Gotta connect first to update. Gotta... get screwed over by worms and trojans and spyware and adware.
20 minutes. Friggin amazing.
To dig at Bell too, that was one of the slowest DSL connections I've ever used. It never exceeded 40KB/s.
20 minutes. Hahaha.
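What the post describes, 150 inbound connections from other customers of the same ISP all converging on one freshly connected host, is the classic signature of worm propagation, and it shows up plainly in a host firewall's connection log: many distinct source addresses hitting the same port within a few minutes, most of them from the ISP's own customer range. The following is an added detection example, not code from the original post. The log line format, the timestamps, the addresses (documentation ranges, with 192.0.2.0/24 standing in for "our" ISP's customer block) and the ports are all constructed for illustration; the scan-detection rule (N distinct sources on one port within a sliding time window) generalizes beyond the single incident in the post.

```python
"""Flag worm-style inbound scanning in a host firewall connection log.

Added example for the post above. The log format and every address, port and
timestamp below are constructed; nothing here comes from the original post.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample: one line per inbound connection attempt, in a format
# loosely modelled on a text firewall log (the format itself is an assumption).
# 192.0.2.0/24 plays the role of the ISP range this host sits in.
SAMPLE_LOG = """\
2005-03-02 13:07:10 IN 192.0.2.15:3311 -> 445
2005-03-02 13:07:12 IN 192.0.2.88:1027 -> 445
2005-03-02 13:07:15 IN 192.0.2.201:4412 -> 135
2005-03-02 13:07:20 IN 203.0.113.9:2000 -> 80
2005-03-02 13:07:31 IN 192.0.2.42:1033 -> 445
2005-03-02 13:07:44 IN 192.0.2.130:2210 -> 445
2005-03-02 13:08:02 IN 198.51.100.7:3389 -> 445
2005-03-02 13:08:19 IN 192.0.2.7:1500 -> 135
2005-03-02 13:08:40 IN 192.0.2.250:1601 -> 445
2005-03-02 13:09:03 IN 192.0.2.61:1042 -> 135
2005-03-02 13:09:55 IN 203.0.113.44:5050 -> 22
this line is garbage and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) IN "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dport>\d+)$"
)


def parse_log(text):
    """Return a time-sorted list of (timestamp, source_ip, dest_port).

    Lines that do not match the expected format are dropped rather than
    allowed to crash the parser, since real logs are never perfectly clean.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        events.append((ts, ip_address(m["src"]), int(m["dport"])))
    return sorted(events)


def find_scanned_ports(events, window=timedelta(minutes=5), min_sources=3):
    """Ports hit by at least `min_sources` distinct sources inside one `window`.

    A single user retrying a connection yields one source; many different
    sources converging on one port inside a few minutes is what self-propagating
    code hunting for a service looks like. Returns {port: max distinct sources
    seen in any qualifying window}.
    """
    by_port = defaultdict(list)
    for ts, src, dport in events:
        by_port[dport].append((ts, src))
    flagged = {}
    for dport, hits in by_port.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            distinct = {src for _, src in hits[start:end + 1]}
            if len(distinct) >= min_sources:
                flagged[dport] = max(flagged.get(dport, 0), len(distinct))
    return flagged


def neighbour_share(events, local_net):
    """Fraction of inbound attempts that originate inside `local_net`.

    A high value matches the post's observation that the scanners were other
    customers of the same ISP, i.e. infected hosts sweeping their own range.
    """
    net = ip_network(local_net)
    if not events:
        return 0.0
    return sum(src in net for _, src, _ in events) / len(events)


if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    for port, n in sorted(find_scanned_ports(ev).items()):
        print(f"port {port}: {n} distinct sources in one window -> likely worm scan")
    print(f"share of attempts from own ISP range: {neighbour_share(ev, '192.0.2.0/24'):.0%}")
```

The thresholds (five-minute window, three sources) are deliberately low so the small constructed sample trips them; on a real log they would be tuned to the host's normal inbound rate, and a positive result is the cue to take the host off the wire until it is patched and behind a firewall, which is the order of operations the post's chicken-and-egg problem makes hard.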
Comments for Twenty Minute Infection
SmrtySsa Wrote...
Wednesday, March 2nd 2005 at 2:38pm
Hmm... if you have a router, your situation baffles me, unless you have it set for your machine to be a DMZ, which is highly not-recommended. My instance was directly connected to the innarnet.
The bugs are well known, and it's not just some dude sitting in his basement looking for a fresh install. The time it'd take a manual scanner to find someone across a vast range of IPs is insane. All the "infections" are propagated by well-established networks of drones. Ones that just go through their own network range looking for fresh blood; and as innernet goes, your network range changes often, so you get scanned by other fresh drones. Wash, rinse, repeat.
I stopped logging "attempts" on my linux box long ago, it was wasting my disk space.
Quigley Wrote...
Wednesday, March 2nd 2005 at 9:54pm
I'm still using Windows 2000 Pro. I have no firewall, no router. To date, I've reinstalled my OS from an ANCIENT pre-release Win2k disc upwards of ten times in the last few years, and I've never had a significant problem between connection and patch completion - which for me with my native Service Pack 0 is rather an intensive process involving, between Norton and Windows updates, about six or seven reboots and roughly half an hour of online time. I tolerate this, by the way, because I'm too lazy to copy one of the millions of Win2k+SP4 discs that cross my desk. I too use Sympatico DSL. Maybe the drones just don't like me? :(
SmrtySsa Wrote...
Thursday, March 3rd 2005 at 8:18am
I guess a difference is also that when I set up a box myself from scratch, "Administrator" has a password. In a lot of cases, Administrator doesn't. Especially when I'm working on machines that were set up by my former employer in Toronto. (That's one reason why I request that I install on new machines! I can't stand the way the idiots do things... and it's not monetary reasons, it's peace of mind!)
Anesthetic Wrote...
Wednesday, March 2nd 2005 at 1:57pm
That is EXACTLY what happened to me last week and I'm still reeling from it. I started fresh, reinstalled the OS and what do you know, the one update I can do is: update the updater. I'm prompted to reboot and promptly do. Only to get FUCKED by incoming intrusions. I almost lost complete control of my comp. There must be assholes out there who are constantly, and I mean constantly, looking for security holes in non-firewall-protected comps. I too had to update crap before I could complete my Norton SystemWorks install, thus the initial problem. Only I still can't clean everything up and now I can't even talk to my router. Mine wasn't even 20 min. It was connecting to my ISP, grabbing an update and booting. They musta hit me inside a minute. 43 infections, 42 of which are gone, as are a lot of important DLL files I'm thinking. Why? Norton wasn't updated enough to quarantine them or fix, had to kill outright. For the love of... Oh, I'd like to close with a big FUCK YOU to Microsoft Updater. Yah, why did I reinstall the OS in the first place? Because of Service Fuck Up Pack 2.