Dawn of the Dead--Fresh Windows installs turned into zombies in 4 minutes.

by Kyle Rankin

Related link: http://www.usatoday.com/money/industries/technology/2004-11-29-honeypot_x.htm



Since my last post about patching Windows using Knoppix before connecting it to the net, a new study has come out that finds the time until intrusion is as little as 4 minutes for a fresh Windows XP machine.

Once compromised, the machine was then used as a zombie to further spread and otherwise do the bidding of the attacker. The machines used for this study were honeypots--they were taken off the net once compromised to prevent the attack spreading to other machines--but this same thing happens to new machines (or old machines with a fresh install) every day. Today's Internet is full of zombies looking for fresh brains.

If this doesn't give you a reason to look into methods for patching machines before you connect them to the Internet, I don't know what will. There are a number of hardware and software methods to protect against zombies at your disposal. The hardware method is to get a rifle or a cricket bat and aim for the head. If you don't have either of those handy you will have to fall back to software methods. I've already discussed patching Windows with Knoppix so I won't go over that again here, but other options include slipstreaming a patch into your Windows install. The steps are pretty well laid out, and involve creating a copy of your Windows install disk, extracting the latest Service Pack so that the new files overwrite the current system files you have extracted, and then creating a new bootable CD based on those files.

Of course, slipstreaming assumes you have a second computer with Windows already installed, in which case you could just download a copy of the latest Service Pack, burn it to CD, and then apply it to your fresh install before you hook it up to the network.

Whatever method you choose, be sure to keep the machine disconnected from the net until it is protected. Now that time-to-infection is as short as 4 minutes, there's less chance you will be able to patch your machine before it turns into a zombie.


3 Comments

jwenting
2004-11-30 22:54:05
hmm, time is up?
Just a few months ago the time used to be measures in seconds...


And of course if running an unpatched version of any other OS the same can happen to you as well.

teejay
2004-12-01 07:20:45
hmm, time is up?
No the time is down. Anybody with a windows box really needs a proper firewall between them and the internet.


If you are on ADSL rather than cable you ought to invest in a router with built in ADSL modem and firewall. Netgear do a very good one for under a hundred GBP that is trivial to setup and install and aggresively firewalls incoming traffic as default.


The windows XP 'firewall' is not a firewall at all, it won't stop any windows network attacks that take advantage of exploitable buffers, or bugs in windows networking code. It only protects high level windows network services.

mylasticus
2004-12-02 06:08:40
hmm, time is up?
Strictly speaking, I agree, one could have problems with another OS. But one will have problems if you are using broadband and updating Windows XP. Heck, I was working on a friends machine with dialup and had blaster in 5 minutes a year ago October. Speaking of the past, though, just a few months ago you had a different opinion altogether.


http://www.oreillynet.com/pub/wlg/5437


Unsafe patching?
2004-08-18 00:23:05 jwenting [Reply | View]


there is no risk. This is typical anti-Microsoft FUD.