If you’re of a certain age, you’ve probably used Windows XP. This operating system was released in 2001 with new features such as a revamped user interface and improved performance. However, over time, the Microsoft product's market share has been reduced to insignificance—although, interestingly, it’s still very popular in Armenia.
Despite the decline in its use, there are still some individuals who enjoy experimenting with obsolete software. Eric Parker is one of them. This year, Parker decided to install Windows XP and, to make matters more interesting, he connected it directly to the Internet without any security measures. Shortly after, the system started receiving a large number of malware attacks.
Let’s delve into some details.
Connecting a Windows XP Device to the Internet in 2024
In order to carry out his experiment, Parker chose not to use an old computer. Although that certainly would’ve been interesting, he opted for a virtualization solution called Proxmox instead. After installing the system, he connected to it via VNC and made sure that both the Windows Firewall and updates were disabled.
In a video shared on his YouTube channel, Parker can be seen spending a few minutes browsing through Internet Explorer 6. He did a search through Bing and attempted to log in to a specific page, but was unsuccessful. He then walked away from the computer and returned a few minutes later to see if any malware had infected the system.
About 15 minutes later, Parker discovered some strange things in Windows XP. First, upon opening Task Manager, he identified a running process called conhoz.exe. Additionally, the operating system now had a new user account named “Admina.” After finding these items, Parker installed Firefox and Process Explorer.
With Process Explorer, he was able to get some additional details from conhoz.exe. For example, “Microsoft compilation” was listed as its developer, presumably because bad actors thought it would pass as a genuine “Microsoft Corporation” process. Interestingly, conhoz.exe connected to a Russian domain. Process Explorer also detected an FTP server on the machine.
In an attempt to disinfect the system, Parker installed an older version of Malwarebytes. The antivirus scanned the system and detected eight threats, including four Trojans. However, the antivirus software failed to remove all the malware. After disinfection, conhoz.exe was still running. It was, in Parker's words, “a victory for the malware.”
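The near-miss metadata described above (an image name and a company string that almost match trusted values) can be checked mechanically. The following is an added example, not code from Parker or the article; the allowlists, the distance threshold, and the comparison against conhost.exe are assumptions made for illustration.

```python
# Added example: flag process metadata that nearly, but not exactly,
# matches a trusted value (lookalike image names and company strings).

# Assumed allowlists; in practice, build these from a known-good system image.
TRUSTED_IMAGES = ["conhost.exe", "svchost.exe", "explorer.exe"]
TRUSTED_COMPANIES = ["Microsoft Corporation"]
MAX_DISTANCE = 3  # assumed threshold: edits tolerated for a "lookalike"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        row = [i]
        for j, cb in enumerate(b, 1):
            row.append(min(prev[j] + 1, row[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = row
    return prev[-1]


def lookalike_of(value: str, trusted: list[str]):
    """Return (trusted_value, distance) if value imitates an entry, else None."""
    v = value.lower()
    if any(v == t.lower() for t in trusted):
        return None  # exact match: genuine value, nothing to flag
    dist, nearest = min((edit_distance(v, t.lower()), t) for t in trusted)
    return (nearest, dist) if dist <= MAX_DISTANCE else None


def triage(processes):
    """Return findings for (image, company) pairs with lookalike fields."""
    findings = []
    for image, company in processes:
        for field, value, trusted in (("image", image, TRUSTED_IMAGES),
                                      ("company", company, TRUSTED_COMPANIES)):
            hit = lookalike_of(value, trusted)
            if hit:
                findings.append((image, field, value, hit[0], hit[1]))
    return findings


# Constructed inventory; only the conhoz.exe row uses values quoted in the article.
SAMPLE = [
    ("explorer.exe", "Microsoft Corporation"),
    ("firefox.exe", "Mozilla Corporation"),
    ("conhoz.exe", "Microsoft compilation"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Exact matches are deliberately not flagged, so this check only surfaces imitation; a binary that copies a trusted name and company string verbatim still needs signature or hash verification.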
Why Did Windows XP Get Infected So Easily?
In Parker’s experiment, we find several elements that, when combined, create an ideal scenario for malicious software. First off, Windows XP is an old operating system that has long since completed its life cycle and is completely unsupported. This means that it doesn’t receive security updates, making it a clearly vulnerable system.
Furthermore, the video’s author disabled the system’s firewall and decided to connect it directly to the Internet, something we don’t normally do. As a result, the Windows XP computer exposed its public address to anyone on the Internet. It should be noted that attackers can use tools like Nmap to scan IP address ranges for hosts with open ports.
There are also malicious tools that can identify vulnerabilities and then exploit them. If we take into account that Windows XP hasn’t received updates for years, we can deduce that it’s been accumulating vulnerabilities that have never been fixed. In essence, Parker left a car with its doors unlocked in a busy city.