Clean System to Zombie Bot in Four Minutes

← Back to Stories (view on slashdot.org)

Clean System to Zombie Bot in Four Minutes

Posted by michael on Tuesday November 30, 2004 @08:05AM from the takes-five-minutes-to-download-patches dept.

Amadaeus writes "According to the latest study by USA Today and Avantgarde, it takes less than 4 minutes for an unpatched Windows XP SP1 system to become part of a botnet. Avantgarde has the statistics in their abstract. Stats of note: Although Macs and PC's got hit with equal opportunity, the XP SP1 machine was hit with 5 LSASS and 4 DCOM exploits while the Mac remained clean. The Linux desktop also was impenetrable, but only was only targeted by 0.26% of all attacks." See also our story on the survival time for unpatched systems.

4 of 608 comments (clear)

Min score:

Reason:

Sort:

2:30 by Nuskrad · 2004-11-30 08:13 · Score: 5, Informative

I recently tested this on a clean install of Windows XP SP1, and it took just 2 minutes 30 seconds(give or take a few) after connecting to the internet for me to notice the system to be compromised, and that was with the Windows Firewall on.
My advice to anyone with Windows XP SP1 planning a clean install - get the SP2 CD (free from Microsoft) and install it before connecting to the internet.
Re:How do you patch a system? by omicronish · 2004-11-30 08:16 · Score: 5, Informative

Does that mean I have to install XP, download SP2. Burn the SP2 archive onto a CDROM, reinstall XP with the network cable disconnected, and then patch? Geez that'll get old fast

You can slipstream the SP2 patch into SP1 or a plain Windows XP CD. This will allow straight installation of Windows XP + SP2 already integrated. This basically involves running the SP2 installer on a copy of CD files, and then burning the resulting files to another CD. This page has more information on slipstreaming SP2. This comment has reached its end.
Re:How do you patch a system? by ChatHuant · 2004-11-30 08:19 · Score: 5, Informative

You shouldn't need to reinstall. Do first installation offline; manually turn off unwanted services and turn on the Windows firewall (it's simple, but good enough for the time being). Connect to the internet (it's even better if you use a cheap NAT box), download and install SP2.
Re:Hey, cool. by ryanr · 2004-11-30 08:21 · Score: 5, Informative

There was an SP2 machine included in the same test. It went unmolested, due largerly to the new firewall enabled by default. This particular test environment included no user activity, i.e. no email reading, no web browsing.

Generally speaking, I'm pleased with SP2. As long as you're running XP, and it won't affect your critical functionality adversely, install it. It won't be exploit proof moving forward, but it's the easiest way to patch the current set of problems.