Last Friday, a report produced in collaboration with ESET aired on Canadian television. The topic of the report was, of course, computer security and, specifically, zombie networks (botnets). To show the viewers the dangers of poor security practice, we connected a computer without security patches to the Internet and waited to see how long it would take for it to be compromised.
A couple of minutes after connecting the vulnerable machine to the Internet, we started receiving queries from other computers wanting to display advertisements through the NT Message protocol. Most of these advertisements originated in Europe and were promoting fake antivirus products. It took a couple of hours before the first real attack was reported. This surprised us slightly, since the Honeynet Project (www.honeynet.org) states that it usually takes less than an hour for an unsecured machine to be compromised once connected to the Internet. The attack in question exploited a security flaw in the Windows file sharing system and installed a bot on our vulnerable computer.
We received a lot of comments on this TV report. Many people reacted by saying that they would be more cautious when browsing the Internet, and this is a good thing. Others stated they would never again go to an unfamiliar web site. I think this is overreacting. The Internet is a great resource to have and the advantages of being able to browse it outweigh its downsides. I think the lesson to remember from our television report is that before connecting a computer to the Internet, you should make sure all security patches have been applied and you have proper security applications installed. When browsing unknown websites, you should be particularly cautious about what you download and execute.
The report (French only) can be viewed at the following address: http://tva.canoe.com/emissions/je/reportages/21083.html
Author: Pierre-Marc Bureau, ESET