
Have there been any major XP Hacks?


35 replies to this topic

#1 chakotay2

chakotay2

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 27 June 2014 - 10:10 PM

We're almost 3 months into the 'death' of Windows XP. I haven't heard of any major hacks for Windows XP as of yet (the IE vulnerability was an issue with all Windows OS's).

 

Have there been hacks at all? I am sure the media would have picked up on something if it was targeted toward XP specifically.

 

Don't get me wrong, I migrated years ago, I am just trying to get a feel of what's out there.




 


#2 cat1092

cat1092

    Bleeping Cat


  • BC Advisor
  • 7,018 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:09:47 PM

Posted 27 June 2014 - 10:53 PM

Haven't heard of any specifically towards XP users as of yet, however many IT & security experts are stating that it's coming. 

 

There are larger issues which affect all Windows OS's, such as the Ransomware infection & this up & coming one.

 

http://www.bleepingcomputer.com/forums/t/537979/pandemiya-entirely-new-trojan-quietly-wheeled-into-black-hat-forums/

 

Glad to hear you've moved on from XP, you haven't missed anything & likely saved yourself a lot of frustration.  :)

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 


#3 chakotay2

chakotay2
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 27 June 2014 - 11:00 PM

Good read. With the polymorphic nature of viruses nowadays, it's going to be a rough road ahead.

I'm wondering if Windows doesn't become more app store centric. Nothing other than 'approved' apps could be installed, similar to Android Play, or Apple's app store.

 

The first line of defense is the user, but the more security put in place (like UAC) just seems to confuse end users, and trains them to click yes to everything.

 

I'm not saying the sky is falling, I just see the anti-virus vendors having a more and more difficult time keeping up with 'dat' files.



#4 cat1092

cat1092

    Bleeping Cat


  • BC Advisor
  • 7,018 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:09:47 PM

Posted 27 June 2014 - 11:50 PM

That's why it's best security practice to have both active AV & AM software. By AM, am referring to a choice such as Malwarebytes Pro. Free is good for catching things after the fact, however prevention is far better than cure. MBAM Pro works to intercept the bad code that traditional AV/IS software misses. 

 

MBAM is compatible with most brands of security, with a few exceptions, such as F-Secure & Kaspersky, there may be a few others. 

 

There are still Lifetime licenses of MBAM Pro on the Newegg site, often run on promo, sign up for these & get a couple of them while they last, as they've shifted to yearly subscriptions. These licenses can be removed from one computer & installed on another, in case you get another.

 

Yes, the first line of defense is indeed the user. Many click on things too good to be true, or on malicious links in emails, such as the "shipping notices" where your "lost" package is in South America. If one orders a product & it's late or hasn't arrived, it's best to call the sender. The only time that shipping companies send notices is when the customer requests notification of movement, otherwise the link to check status of a shipment is sent by the retailer.

 

In the last few months, I've noticed this type of activity on the rise, have received a few genuine looking emails that some would have fallen for. For example, PayPal will Never ask a customer to verify an account through an email link at random. They'll send one as soon as any changes are made, plus a text to one's cell phone, but a notice out of the blue, no. 

 

It's all a matter of personal responsibility, taking the time to educate ourselves about safe Internet & computer usage. That includes running AV & AM scans, keeping everything up to date & creating regular backups for when the bad does happen. Not just infections, hardware failure as well. These backups, while it's OK to keep one on a second drive on the computer, for the ultimate in safety, create these to a removable, external drive. This prevents the various "Crypto" infections from encrypting the backups, making them useless. 

 

As an alternate, learn a version of Linux & avoid these headaches. Though my main Windows install is 7 Pro, Linux Mint x64 is my main OS & the one always used for transactions. Windows malware is useless against a Linux user. Especially for XP customers, it's best to have bootable Linux install media, which can be booted into & transactions made safely, even if the computer is infected to the gills. The session is running in memory only & all traces are gone once shutdown or rebooted.

 

Cat




#5 Guest_Kaosu_*

Guest_Kaosu_*

  • Guests
  • OFFLINE
  •  

Posted 28 June 2014 - 12:47 AM


Yes, there are unpatched vulnerabilities in Windows XP that are being actively exploited. However, most of the people actively exploiting the vulnerabilities are doing so for profit and stand to make more money if the end-user has no idea that they are compromised, because then they can easily steal their bank account information, credit card information, social security number, etc. Most people don't use all of this information in a single day, so criminals will want to keep the compromised machines under their watchful eye for a while after taking them over.

 

I doubt there will be any real news during the first year or so, because this is when criminals stand to make an awful lot of money stealing the identities of legitimate users still using XP. We will probably see news articles after the criminals finish selling all of these stolen identities and want to make more money by then selling all of the compromised machines to botnet operators. Once these XP machines become a part of some massive botnet, we will probably see the media go nuts. Since probably 1 in 4 computers on the Internet runs Windows XP, you can imagine how big these already massive botnets will become.


Edited by Kaosu, 28 June 2014 - 01:05 AM.


#6 chakotay2

chakotay2
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  

Posted 28 June 2014 - 07:39 AM

 


Interesting. That's probably the best hack out there, have control and exploit without leaving much of a trace / indication there is an issue. Who knows what kind of information could be gathered. I didn't realize Windows XP still held that big of a market share. What's really scary is some of the large corporations who have very sensitive data on them. There's likely to be an XP machine in the network somewhere.

 

No matter how much warning, it's amazing that so many won't upgrade until they are 'made to'. It's not like this wasn't a long time coming.



#7 Scoop8

Scoop8

  • Members
  • 326 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dallas TX
  • Local time:07:47 PM

Posted 28 June 2014 - 10:20 AM

Upgrading from XP isn't always related to being uninformed or being unwilling.

 

My Mom has an XP Desktop that's used about once a week, sometimes twice weekly.  It's not worth the cost, as yet, to buy her a Win 7 or 8 PC due to the usage frequency with her PC.

 

I've been checking on her PC more closely since Apr 8th.  So far all's ok.  I have her critical data backed up elsewhere in the event of an intrusion as well as occasional full-HDD backups.

 

I realize there are alternatives available (Linux Mint, etc) but it would require training and Mom's not a PC-oriented person.  She can use her (Outlook) e-mail and the 'net in small quantities.

 

The good part is she never opens up any abnormal emails without my checking on them first.  I monitor her Outlook inbox daily, pull in e-mails, delete any suspects, spam, etc.



#8 Guest_Kaosu_*

Guest_Kaosu_*

  • Guests
  • OFFLINE
  •  

Posted 28 June 2014 - 10:48 AM


While it is a great thing that you are helping your mother, it won't have much impact when it comes to protecting an XP machine. Like I said earlier, these criminals stand to make more money by remaining silent and monitoring all incoming/outgoing connections, looking for sensitive information to steal and also collecting contact lists for victims to drag into social engineering scams, etc.

 

Most of the vulnerabilities are in services that Windows XP requires for normal operation. So, no matter how careful you are, there isn't any getting around the fact that the machine will eventually be compromised, if it isn't already. I would strongly recommend ditching XP as soon as possible, because there isn't any "securing it", unless you take it offline completely. Just because everything seems okay does not mean it is, because most of these criminals are not going to install ransomware or let you know they are watching, stealing identities and bank accounts is more profitable.

 

Truthfully, the learning curve of most user-friendly GNU/Linux distributions isn't that bad. Most older hardware is well supported, so a lot of the times a modern distribution is plug and play, unless you have some obscure hardware or weird wireless adapters. Most novice users will have more issues going from XP to Windows 8 than from XP to GNU/Linux.


Edited by Kaosu, 28 June 2014 - 10:50 AM.


#9 chakotay2

chakotay2
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:08:47 PM

Posted 28 June 2014 - 10:48 AM

Scoop8 - Does she do any banking from the computer? That's what I'd be concerned about in that case.



#10 chakotay2

chakotay2
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  

Posted 28 June 2014 - 10:51 AM

Kaosu has a great point. Linux would be a great alternative for her. Ubuntu has come a long way in my opinion. It's much more user friendly than it used to be.



#11 Scoop8

Scoop8

  • Members
  • 326 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dallas TX
  • Local time:07:47 PM

Posted 28 June 2014 - 11:26 AM

Kaosu

 

Thanks for the info.  I realize the risks although I'm not a PC expert :).  It's a matter of weighing the cost vs risk.

 

In other words, if my Mom was a typical multi-daily average 'net surfer PC user, I'd have already replaced her PC.

 

My nephew is a Linux guy so I can get him to help out if we have to switch over to Linux on Mom's PC.

 

I have Linux Mint in my own PC CD/media kit but am not familiar with it yet.  I've loaded it on my Win 7 PC at home to ensure that it boots ok but haven't spent time as yet with it.

 

 

chakotay2

 

Thanks for the info.  Mom doesn't do any banking transactions on her PC but she does use her CC at Amazon occasionally.

 

I have her banking acct and CC's set up on my home PC to monitor for fraudulent transaction activity.

 

While I'm no ace about this stuff, I do check things with Process Explorer, Netstat -b, CPU use, etc, just to take a look occasionally at her PC to look for things that appear abnormal.

 

I will get more familiar with Linux Mint since I already have the CD at home.  Perhaps that's the best way to go with Mom's PC, no expense, etc.

 

Regarding the overall XP scene, I'm somewhat of a "show me" guy with this topic :).  I'm not doubting the cautious advice at all, don't want to be misunderstood about it.

 

There's been so many predictions of doom at other forums that sometimes I wonder about it.  In other words, there are posters elsewhere that claim to have been running older versions of Windows without any issues.

 

I'm not taking those posts as complete truth but I'm looking at my Mom's PC as sort of a "lab test" situation to see how it goes for a while.

 

In my Mom's case, if a rare (this is a rare risk according to all I've read here and at other forums around the 'net) firmware/BIOS infection occurred, one from which I couldn't recover her PC, I'd brick her PC since the loss would be minimized as it's outdated (hardware).

 

If there were a situation where her PC is compromised without any symptoms being noticeable, I have backups of those few items that would be needed to be recovered in the event that replacing her PC would be required.

 

If her PC gets infected by one of the conventional scenarios (i.e., browser hijacked, "FBI" screens, false popups appearing, etc), recovery from those situations is fast with full-HDD images stored elsewhere, as well as a cloned HDD that I keep at my house.

 

Coincidentally, I was planning on posting a similar question in the XP section at this forum soon, at the 3-month point (since Apr 8th), to see how other XP users have been doing the past 3 months.
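
The occasional netstat -b check mentioned in the post above can be made repeatable by saving the output and comparing it with an earlier capture. The following is an added example, not part of the original thread: the two captures are constructed samples in the layout `netstat -bn` prints, and the process name example.exe, the addresses and the function names are assumptions.

```python
import re

# One connection row; the State and PID columns are optional (UDP has no state).
CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)"
                  r"(?:\s+([A-Z][A-Z_0-9]*))?(?:\s+(\d+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")   # "[program.exe]" line under a row

def parse_netstat_b(text):
    """Return one dict per connection row, with the owning executable attached."""
    rows, last = [], None
    for line in text.splitlines():
        m = CONN.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            last = {"proto": proto, "local": local, "remote": remote,
                    "state": state or "", "pid": pid, "owner": "(unknown)"}
            rows.append(last)
        elif last is not None:
            o = OWNER.match(line)          # component lines without [] are skipped
            if o:
                last["owner"] = o.group(1).lower()
                last = None
    return rows

def fingerprint(row):
    """Key that ignores ephemeral local ports and PIDs, which change every run."""
    if row["state"] == "LISTENING" or row["proto"] == "UDP":
        return (row["owner"], "LISTEN", row["proto"], row["local"].rsplit(":", 1)[1])
    return (row["owner"], "CONNECT", row["proto"], row["remote"])

def new_activity(baseline_text, current_text):
    """Listeners and remote endpoints present now but absent from the baseline."""
    known = {fingerprint(r) for r in parse_netstat_b(baseline_text)}
    seen = {fingerprint(r) for r in parse_netstat_b(current_text)}
    return sorted(seen - known)

# Constructed sample captures (not real data).
BASELINE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:1045      203.0.113.10:443       ESTABLISHED     1812
  [OUTLOOK.EXE]

  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       944
  [svchost.exe]
"""

CURRENT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:1187      203.0.113.10:443       ESTABLISHED     1812
  [OUTLOOK.EXE]

  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       944
  RpcSs
  [svchost.exe]

  TCP    0.0.0.0:31000          0.0.0.0:0              LISTENING       2388
  [example.exe]

  TCP    192.168.1.20:1190      198.51.100.7:8080      ESTABLISHED     2388
  [example.exe]
"""

if __name__ == "__main__":
    for item in new_activity(BASELINE, CURRENT):
        print("new since baseline:", item)
```

A clean comparison only means nothing new shows up in what the operating system reports; malware that hides its connections from netstat will not appear in either capture.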



#12 chakotay2

chakotay2
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 28 June 2014 - 12:48 PM

Scoop8, I'm glad this topic was of interest. The one thing I would point out is that all the credit and credit card monitoring helps only AFTER it's been compromised. You may want to fire up a VM and play with Linux, or try a 'live cd'.



#13 wpgwpg

wpgwpg

  • Members
  • 1,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US of A
  • Local time:08:47 PM

Posted 28 June 2014 - 01:15 PM

 I think Mint Linux is an ideal solution for folks with XP computers who don't want to buy a new computer.  It runs well on any computer that runs XP and it's supported.  The user interface is very similar to Windows, and it comes with Firefox and LibreOffice (a near clone of MS Office).

 I have to say about XP being hacked, I've seen a lot of reports from folks who're running XP who're having problems.  Usually the tools they've used have gotten them out of the woods so far, but IMHO they're taking a huge risk.  It's like not having insurance.  You could probably get by for a good while not having it, but it's sure a risk I wouldn't want to take or recommend to anyone.

 

Good luck.


Everyone with a computer should back his system up to an external hard drive regularly.  :thumbsup:

#14 chakotay2

chakotay2
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 28 June 2014 - 01:33 PM

I've never heard of Mint Linux. I may look into that.



#15 Scoop8

Scoop8

  • Members
  • 326 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dallas TX
  • Local time:09:47 PM

Posted 28 June 2014 - 03:56 PM

chakotay2

 

Thanks again.  True about the CC vulnerabilities.  I've had my CC# stolen (fraud charges) 3 or 4 times over a 25-year period, the first being before the days of widespread home 'net use.  One phone call fixed the problem for me each time.  It's not a good thing but it's been easy to fix for me with no liabilities involved.  I guess it's one of the potential downsides to the convenience of the 'net/shopping era.  For me, the conveniences far outweigh the rare problems, at least for me.

 

If that happens to my Mom, I'll probably graveyard XP at that time.

 

I'm not familiar with VM.  I've begun looking into that as well as the Linux scene.  Thanks for that suggestion :)

 

 

wpgwpg

 

Thanks for providing the info about LibreOffice.  When I booted up my Win 7 PC on the Mint CD, I noticed Firefox but didn't look around long enough to see the Office clone. 

 

Regarding the tools to recover (XP), thanks for the info.  If I encounter a malicious issue with my Mom's XP PC and it's not confined to the HDD, I'd move to a Linux platform or get Mom a new Win 7/8 PC.

 

If the intrusion is limited to the HDD,  I'll recover by the methods I mentioned earlier.  Then I'd look at the frequency of re-infection rates.  That will determine when I discontinue XP on Mom's PC.

 

I haven't looked around much for XP users' feedback (since Apr 8th).  I'll be doing that in the coming weeks.





