What happens if you connect Windows 2000 to the Internet in 2024?

แชร์
ฝัง
  • เผยแพร่เมื่อ 28 ธ.ค. 2024

ความคิดเห็น • 567

  • @Umbreedon
    @Umbreedon 7 หลายเดือนก่อน +648

    > connects to the internet
    > immediately gets infected by a 20 year old worm

    • @therealfox
      @therealfox 7 หลายเดือนก่อน +11

      Where does the 20 yr old Worm lives? Is it cloud Based?

    • @Mihot7
      @Mihot7 6 หลายเดือนก่อน +23

      ​@@therealfoxprobably his IP is public or he is on public wifi example one dusty winxp computer infected with sasser scans wifi and finds this pc.

    • @therealfox
      @therealfox 6 หลายเดือนก่อน +2

      @@Mihot7 so probably its xp cloud from the past.

    • @NotThatEpic7492
      @NotThatEpic7492 6 หลายเดือนก่อน

      i connected it and nothing happened at all

    • @Spacecoreinspace
      @Spacecoreinspace 6 หลายเดือนก่อน +2

      ​@@NotThatEpic7492 turn your firewall and any network protection off and watch the sparks begin

  • @hn1f
    @hn1f 7 หลายเดือนก่อน +814

    Next up: What happens if you expose Red Star OS to the internet

    • @ozzie_goat
      @ozzie_goat 7 หลายเดือนก่อน +227

      A pizza delivery van will be parked outside of your house for a couple months

    • @EricParker
      @EricParker  7 หลายเดือนก่อน +258

      I like where this is going, although it'd probably be more focused on trying to browse the internet than malware.

    • @Sectonidse
      @Sectonidse 7 หลายเดือนก่อน +28

      @@ozzie_goat Flowers by Irene*

    • @ozzie_goat
      @ozzie_goat 7 หลายเดือนก่อน +10

      @@Sectonidse Solid reference

    • @JakeStreisand
      @JakeStreisand 7 หลายเดือนก่อน +9

      You cant. They specifically made it so that if you connect it to the internet it will brick itself.

  • @lezlienewlands1337
    @lezlienewlands1337 7 หลายเดือนก่อน +220

    Damn, Sasser is still active on the internet?
    That's crazy.

  • @skycaptain95
    @skycaptain95 7 หลายเดือนก่อน +750

    Wow. You get hacked and infected with the Sasser worm literally within two minutes even with SP4. I'm not sure what i expected.

    • @nullkid10
      @nullkid10 7 หลายเดือนก่อน +72

      More likely Blaster, due to all the crashes and only one lsass termination.

    • @skycaptain95
      @skycaptain95 7 หลายเดือนก่อน +31

      ​@@nullkid10also possible, but blaster gives a registry entry OP can check (if the VM isn't completely bricked)

    • @Knaeckebrotsaege
      @Knaeckebrotsaege 7 หลายเดือนก่อน +120

      this is the same dude who farmed 320k views with the fake XP video before, putting it on the internet with NO firewall (which is not how the vast majority of people are connected to the internet) and because that STILL didn't work he googled for malware to infect the system with and accidentally left the browser window of him searching for it in the video

    • @wHXpanD
      @wHXpanD 7 หลายเดือนก่อน +30

      @@Knaeckebrotsaege Got a timestamp?
      EDIT: Nevermind, 2:50 on that video, oof.

    • @socar-pl
      @socar-pl 7 หลายเดือนก่อน +14

      Most interesting is how it got hacked - anyone could suggest a path of infection ?
      Back in the day I recall servers got infected from one each other - so having pool of Win2k and one got infrected you had to deal with each separaterly before you got them back online.
      Its 2024 and I cant imagine anyone still having Win2k online that is infected and just waits for another Win2k to go online. Second thing which is bothering me is how does one get infected behind NAT at this point.
      Any comments welcome

  • @widar28
    @widar28 7 หลายเดือนก่อน +374

    Your Win2k was infected from the get go.... man that brings me back. I can't believe that the Sasser is still active after over 20 years... this was also my first contact with Computer Security ^^ A freshly bought brand new computer from the local store, and as soon as the 56k modem finished, 20 seconds later I got the "System is shutting down" message. it is crazy how vulnerable Windows was (and partly still is)

    • @davel4030
      @davel4030 7 หลายเดือนก่อน +7

      Yep, got blasted.

    • @Jesus.Christ106
      @Jesus.Christ106 7 หลายเดือนก่อน +25

      most commonly used OS in the world, actually not that crazy to constantly have found vulnerabilities in it.

    • @KyanoAng3l0_Mtvtks
      @KyanoAng3l0_Mtvtks 7 หลายเดือนก่อน +8

      Sasser was prolly the first time my PC got infected by something from the Net. It was also one of my early years of using the Net. Ig that's one way of learning the Net isn't safe.

    • @widar28
      @widar28 7 หลายเดือนก่อน +6

      @@Jesus.Christ106 hmm... not so sure about that. Supercomputers, servers, embedded/IOT devices, most smartphones, routers modern switches, some gaming consoles, microcontrollers all run on unixoid systems. Only the PC Desktop is dominated by Windows.

    • @HVinduction
      @HVinduction 7 หลายเดือนก่อน +4

      Lol not if you use a good firewall, if you use Windows on the public internet with only the Windows firewall without a hardware firewall such as a good modem or router or with wrong settings such as DMZ you WILL get hacked...

  • @MickmickWashesThings_Official
    @MickmickWashesThings_Official 7 หลายเดือนก่อน +190

    4:30 Actually this happens when an attack fails. There is a similar video of exposing a real machine running Windows 2000, it kept rebooting and blue screening

    • @RandomGuy37
      @RandomGuy37 7 หลายเดือนก่อน +39

      Might be the WannaCry virus that went around back in 2017. If I remember correctly, if it tried to infect a Windows 2000 machine, it wouldn't be able to do anything else to it but crash it

    • @MickmickWashesThings_Official
      @MickmickWashesThings_Official 7 หลายเดือนก่อน +5

      @@RandomGuy37 Yeah, those things are bots

    • @silly_putty_enjoyer
      @silly_putty_enjoyer 7 หลายเดือนก่อน +18

      my guess is it wasMS17-010, aka the infamous EternalBlue vulnerability in SMB

    • @JackSeries44
      @JackSeries44 7 หลายเดือนก่อน +3

      He literally just connected to microsoft and google.
      Not even a sketchy website, that says a lot.

    • @silly_putty_enjoyer
      @silly_putty_enjoyer 7 หลายเดือนก่อน +8

      @@JackSeries44 indeed. win2000 with default configuration is basically a glowing target

  • @xanlord2k
    @xanlord2k 7 หลายเดือนก่อน +108

    Bro got infected with blaster/sasser in under a minute 💀

  • @lillywho
    @lillywho 7 หลายเดือนก่อน +72

    7:22 If you wanted to revive Windows Update in earnest, you could install Legacy Update which redirects it to a community-hosted reverse-engineered server.

  • @KK-bk8kj
    @KK-bk8kj 7 หลายเดือนก่อน +38

    Virus mentioned around 5:15 which destroyed motherboards was called CIH or more commonly "Chernobyl" it did override bios memory corrupting it.

  • @Mihot7
    @Mihot7 7 หลายเดือนก่อน +159

    4:00 sasser joined the game
    Edit: wow I never got that many likes tysm!

  • @diamondman1543
    @diamondman1543 7 หลายเดือนก่อน +144

    This is such a good series

    • @mirrorportal1587
      @mirrorportal1587 7 หลายเดือนก่อน +4

      I agree

    • @Knaeckebrotsaege
      @Knaeckebrotsaege 7 หลายเดือนก่อน

      if you like people faking their way to clicks and views then sure lol. this is the same dude who farmed 320k views with the fake XP video before, putting it on the internet with NO firewall (which is not how the vast majority of people are connected to the internet) and because that STILL didn't work he googled for malware to infect the system with and accidentally left the browser window of him searching for it in the video lmao

    • @Shredddddy
      @Shredddddy 7 หลายเดือนก่อน +2

      super cozy nostalgia trip of giving all my early OS's literal aids when I was a child....but now its like we have a security wizard here to show and explain to us all about the aids we were giving our pc's back in the day :3

    • @Atmatan
      @Atmatan 2 หลายเดือนก่อน

      @@Shredddddy If only any of this were actually real. Good thing tech illiterate like you keep budget youtubers in business.

  • @averyplote7148
    @averyplote7148 7 หลายเดือนก่อน +84

    Hacked% Speedrun world record

  • @vrekt8702
    @vrekt8702 7 หลายเดือนก่อน +23

    So is the sasser worm just still running somewhere in the wild looking for machines to infect? Or is somebody hosting it and doing it that way

    • @howdoiexitvim-i686
      @howdoiexitvim-i686 7 หลายเดือนก่อน +4

      some script kiddies probably hosting it somewhere

    • @rossstewart9475
      @rossstewart9475 7 หลายเดือนก่อน +10

      If not script kiddies, there's plenty of internet connected appliances out there running 2k/XP; ePOS machines, ATMs...
      Their chances of infection should have been reasonably low, but given they've been running for decades at this point, that's a lot of chances to roll those dice.

    • @papajohnscookie
      @papajohnscookie 4 หลายเดือนก่อน

      ​@@rossstewart9475but surely they would be suffering the symptoms of it?

    • @rossstewart9475
      @rossstewart9475 4 หลายเดือนก่อน +1

      @@papajohnscookie Surely, but only the LSASS issue is critical to the continued functioning of an infected machine, and it's quite possible to have a particular configuration of updates that eliminates this issue, whilst not resolving the infection itself and therefore allowing continued propogation.
      Consider this: If Sasser shut down every machine it infected, why then was it able to spread so virulently in the first place?

    • @papajohnscookie
      @papajohnscookie 4 หลายเดือนก่อน +1

      @@rossstewart9475 That's a fair point, my personal anecdotal experience was that Blaster would just constantly cause the lsass process to crash and shut the machine down. I do love the idea of a number of legacy systems being infected with a worm that is 20 odd years old and want it to be true! I intend to set up the same sort of lab environment that was in this video. I'll let you know the results.

  • @RC-nq7mg
    @RC-nq7mg 7 หลายเดือนก่อน +35

    Neat to see. Everyone always talks about XP but Win2K was my daily driver untill xp sp2 was released. Win2k was always one of my favorite versions of windows.

    • @raven4k998
      @raven4k998 7 หลายเดือนก่อน +2

      windows 2000 is pre windows xp not 98 or 95🤣🤣

    • @timhartherz5652
      @timhartherz5652 7 หลายเดือนก่อน +1

      Never switched to XP, never had a reason. Win2k could do anything XP could do, while not looking like a Kids toy.
      Kept Win2k until Win7 came out.
      Of course i was missing out on a additional taskbar icon, who's only purpose was to tell me whenever my antivirus was running or not, what a loss. :-D

    • @RC-nq7mg
      @RC-nq7mg 7 หลายเดือนก่อน +1

      @@timhartherz5652 I don't recall why I switched to XP. I did use to turn off the visual styling so it looked like W2K though, also used less resources.

  • @MudkipOnYT
    @MudkipOnYT 7 หลายเดือนก่อน +30

    This series is really fun, I don’t know how much more content you can make with it because there aren’t many more versions of Windows but great work!

  • @PhantomWorksStudios
    @PhantomWorksStudios 7 หลายเดือนก่อน +66

    Back in 2015 Microsoft released an emergency update going as far back as windows 2000 bc 2000, XP, vista, etc had this exploit. It was released after wanna cry was spawned and had to do with the rdp of I remeber correctly.
    Anyways all I can say is to install that update and then trying this again.
    I was amazed that Ms not only quickly released that update but for Windows XP and especially 2000...

    • @o0Donuts0o
      @o0Donuts0o 7 หลายเดือนก่อน +12

      Wannacry was an SMB v1 exploit if I remember correctly. We were in the midst of a full scale company wide disaster recovery test when I was given the green light to disable SMB v1 across the board. Rolling out GPO’s at that scale are always fun. We had some heart sore Linux admins the next morning who couldn’t connect to shares anymore with their outdated Red Hat distros 😂.

    • @xTh1eFx
      @xTh1eFx 7 หลายเดือนก่อน +11

      EternalBlue (SMBv1 exploit) appeared in 2017, BlueKeep (RDP exploit) in 2019, for both beginning from WinXP patches has been issued.
      Never heard about any patches for 2000, guess its market share was extremely tiny to bother with even back then.

    • @PhantomWorksStudios
      @PhantomWorksStudios 7 หลายเดือนก่อน +5

      @@xTh1eFx yea they even issued the patch for 2000 too

    • @TheCynicalJedi
      @TheCynicalJedi 7 หลายเดือนก่อน

      If I were to guess it's probably because WinXP and older are still in very regular use within industrial fields among other arguably more important ones, like nuclear facilities and Microsoft probably know how dumb people can be, after all this video is proof that all it would take is someone to connect it to the network with internet access for a couple of minutes lol
      Edit: Then again saying that, you'd hope if someone were stupid enough to connect it to the network that things like NAT or a firewall would save it, but I ain't gonna build a 2000 box to test that theory lmao

    • @xTh1eFx
      @xTh1eFx 7 หลายเดือนก่อน +2

      @@PhantomWorksStudios hm, I failed to locate that one, only some unofficial patch from MSFN forums based on backported library from XP...

  • @the2323guy
    @the2323guy 7 หลายเดือนก่อน +133

    suggestion: what happens if you connect windows vista to the internet in 2024

    • @mor4y
      @mor4y 7 หลายเดือนก่อน +23

      No one knows, because even people who would run ME for 'fun' would turn their nose up at running the Vista binfire 😬😆🤣

    • @terrorBanana
      @terrorBanana 7 หลายเดือนก่อน +1

      Chaos😂

    • @newaccount877
      @newaccount877 7 หลายเดือนก่อน +5

      I tried it using Supermium and it runs well

    • @hockypockies
      @hockypockies 7 หลายเดือนก่อน +13

      @@mor4y i like vista, take that

    • @nov2263
      @nov2263 7 หลายเดือนก่อน +10

      You wouldn't know if it was Vista that crashed or because of a hacker attack. Same same.

  • @MIKE_
    @MIKE_ 7 หลายเดือนก่อน +92

    I saw somebody write an article about you showing what happens if you connect Windows XP to the internet, it bought me to your channel to see more interesting videos :)

    • @yeahhhhhhhhhhhhhhhhhhhhhhhhhh
      @yeahhhhhhhhhhhhhhhhhhhhhhhhhh 7 หลายเดือนก่อน +1

      do you have a link to it?

    • @TheCynicalJedi
      @TheCynicalJedi 7 หลายเดือนก่อน +6

      @@yeahhhhhhhhhhhhhhhhhhhhhhhhhh Can't post links in YT comments, PCGamer have an article that specifically talks about Eric's video though, popped up on my phone's news feed last night so might be that one, but it's literally just a written summary of his video, they didn't add anything particularly interesting themselves, just reporting on the facts I guess

    • @blazzer73553
      @blazzer73553 7 หลายเดือนก่อน +7

      Yes and it's a total crock. These videos are pure trash, crazy how uninformed people are.

    • @Sophix_37
      @Sophix_37 7 หลายเดือนก่อน +1

      I've seen the same article!! I like that person wrote about Parker so now I can watch his videos

    • @blazzer73553
      @blazzer73553 7 หลายเดือนก่อน

      @@Sophix_37 well your both very dumb. the misinformation in this video and the extreme deception of that crap article is beyond anything with a brain.

  • @jjjacer
    @jjjacer 7 หลายเดือนก่อน +18

    @3:40 i remember seeing that live back in the day via the Blaster worm, basically if you had your windows 2k system directly on the internet with no firewall, there was a good chance that the worm would eventually hit your IP causing this shutdown popup, and then it would start DDoSing windows update.
    Man viruses back in the day always were memorable, Nimda, Code Red, Blaster, ILOVEYOU, Melissa. Now days its all just generic trojans and cryptolockers

  • @RadiatorTwo
    @RadiatorTwo 7 หลายเดือนก่อน +58

    So ... completely exposed host?
    All ports from router directly forwared to the VM?
    I´ve been using Retro systems online for years now.
    Behind NAT they don´t get hacked....

    • @EricParker
      @EricParker  7 หลายเดือนก่อน +25

      Correct

    • @Loudness84
      @Loudness84 7 หลายเดือนก่อน +6

      The video title describes exactly what has been done here. This is just how you connect a host to the internet. LAN is a different story and it requires a gateway to forward traffic to remote hosts. There are different applications involved, if you access the internet from inside a LAN. Its never been a good idea to connect Windows directly to the internet, lookup how old Norton Internet Security (just naming this popular example) is and you'll see...

    • @TheDragShot
      @TheDragShot 7 หลายเดือนก่อน +8

      @@Knaeckebrotsaege well, if he didn't do that, it's unlikely something interesting would happen unless he went to look for malware manually.
      Oh wait, he did that in the WinXP video.

    • @dawson6294
      @dawson6294 7 หลายเดือนก่อน +14

      @@Knaeckebrotsaege Why does this upset you exactly? He's not hiding this, it's made pretty obvious that you have to go out of your way to expose yourself this much. It's just a fun demonstration of what happens if you do

    • @alkimos55
      @alkimos55 7 หลายเดือนก่อน +3

      ​@@Knaeckebrotsaege He explicitly explained this fact in an earlier video in the series.

  • @DavidFRhodes
    @DavidFRhodes 7 หลายเดือนก่อน +8

    i hooked up a windows 2000 server machine direct to the internet back in 2003. it was just for a few minutes to download drivers before i moved it to an air gap net. I went to lunch. when i got back it was already fubar'd

  • @PCTUTORIALE1337
    @PCTUTORIALE1337 7 หลายเดือนก่อน +18

    Sasser still lives, probably due to some kids running it to this very day, there's no other reason why it would be still running :p

    • @howdoiexitvim-i686
      @howdoiexitvim-i686 7 หลายเดือนก่อน +3

      i mean, maybe those kids are like dannoct, but instead of just seeing what it does, they want it to still live

  • @lethav.delphi
    @lethav.delphi 7 หลายเดือนก่อน +9

    I just found your channel because of a german article on a website. It's really interesting to see how the old systems "perform" in 2024. :) please go on with the series!

  • @Darfk
    @Darfk 7 หลายเดือนก่อน +63

    This stuff is so interesting, it's amazing how fast you're pwned. Are there bots just nmapping the entire v4 address space 24/7 or something? Who's doing this for 20 year old OSes? Any chance you can get a packet capture for one of these experiments?

    • @dingokidneys
      @dingokidneys 7 หลายเดือนก่อน

      There literally are systems scanning the whole IP space; legitimate ones like Shodan for analytical and security purposes, botnets searching for new infection prospects, nation state actors looking for footholds and kids at colleges or universities learning about computer security who will probe you from their campus IP in another country so they don't get bothered by the cops. If you actually watch the traffic on an open port it's really quite interesting. I had a secure SSH host open to the internet and watched the traffic in real time as well as capturing the packets with Wireshark. It was really amazing to look into who was doing what and from where.

    • @egg_addict
      @egg_addict 7 หลายเดือนก่อน +7

      since it was intended for businesses, it probably is a high priority or something. a lot of businesses are probably still using windows 2k, but who knows.

    • @bouncypear_net
      @bouncypear_net 7 หลายเดือนก่อน +7

      ​@@egg_addictI know there's a Windows NT4 PC hanging around the HVAC lab at my college for sure, but I doubt it's networked

    • @KaitouKaiju
      @KaitouKaiju 7 หลายเดือนก่อน

      ​@bouncypear_net it's crazy to think you're one ethernet cable away from malware city

    • @Daniel15au
      @Daniel15au 7 หลายเดือนก่อน +10

      It's possible to scan the entire public IPv4 address space in less than 15 minutes with modern tools like masscan, so there's definitely a lot of bots that are just scanning for open ports.
      There may also be old systems that are still infected with the worms, still spreading them all these years later.

  • @lemonadesnake
    @lemonadesnake 7 หลายเดือนก่อน +11

    7:18 Updates can be downloaded with Legacy Update

    • @ZacharyNoah
      @ZacharyNoah 7 หลายเดือนก่อน

      That's exactly what i did on my Windows XP Professional guest VM in VMware Workstation Pro, which is now free for personal use.

  • @min3craftpolska514
    @min3craftpolska514 7 หลายเดือนก่อน +22

    Do Windows 7 RTM. I wonder how vulnerable is it in 2024 since some pc's probably still run a retail unpatched windows 7.

    • @justina1909
      @justina1909 7 หลายเดือนก่อน +2

      The chances that someone is still running 7 unmatched but deliberately running on the exposed internet is probably low, as those who are unaware about computer security are using home routers with built in protections

    • @GabrielFurryPhone
      @GabrielFurryPhone 7 หลายเดือนก่อน

      I done this and it worked fine I guess but outdated :(

    • @pcb_404
      @pcb_404 7 หลายเดือนก่อน

      ​@justina1909 yeah, the average person needs to put in a considerable amount of effort and bypass a lot of intentional roadblocks to face the internet ass first and get the results seen in this video, which is a good thing. Run any competent modern firewall (built in to basically every router/switch/even service provider....) and you shouldn't be able to get the results seen in the video without going even more out of your way. It's very impressive how hardened computers are now.

    • @conspiracyscholor7866
      @conspiracyscholor7866 6 หลายเดือนก่อน

      I'm still on win7. Works perfectly fine. I even play brand new steam games on it. The system requirements appear to be a suggestion lmao.

    • @тестирование
      @тестирование 3 หลายเดือนก่อน +1

      ​@@GabrielFurryPhone you didn't pass through the ports to net

  • @YS_Production
    @YS_Production 7 หลายเดือนก่อน +3

    Hi Eric!
    a) the Win2k startup sound is absolutely the best one!
    b) the fact you keep closing the Tip of the Day window every time and not unclick the tickbox at the bottom of it is so funny :D
    Thanks for the vid.

  • @JustJassCat
    @JustJassCat 7 หลายเดือนก่อน +23

    Old style malware was a lot more fun indeed. I remember getting myself infected when I was ~10yo (11 years ago) trying to activate windows 7 using shady links on Google.
    The malware that infected me did nothing but infect exes to make them say "File corrupted! This program has been manipulated and maybe it's infected by a Virus or cracked. This file won't work anymore." And over a day, every program said that. Didn't get any of my accounts stolen or anything, just made my system unusable in an amusing way haha

    • @PaulFisher
      @PaulFisher 7 หลายเดือนก่อน

      ah the times when people were in it for the love of being assholes, or industrial sabotage, or occasionally disrupting an entire country’s nuclear program

  • @lemagreengreen
    @lemagreengreen 7 หลายเดือนก่อน +11

    Holy crap, sasser is *still* this fast? haha
    I remember this was about the time it took for any Win2k/XP machine to get hit by sasser back in the early 00's! You can halt the shutdown process after lsass.exe crashes if you really don't want it to reboot, the crash does indicate that it is being exploited though. I cannot quite remember what the payload/purpose of sasser was though.
    Windows 2000 had the event viewer didn't it? that would be where to look for more information on your bluescreen.

  • @thewolfofthestars1847
    @thewolfofthestars1847 3 หลายเดือนก่อน +1

    Ahh, Windows 2000. I have a real soft spot for Windows 2000--it was the OS of my very first computer. I was 5 years old, that thing was already yellowing with age and running with a CRT monitor, I kid you not. It was not connected to the internet, lol. My dad works in IT and always had loads of old computers and stuff around, and he gave it to us kids to let us play around and learn the basics of how computers worked without exposing us to the horrors of the worldwide web. I had loads of fun playing King's Quest and Charlie the Duck and screwing around in MS Paint. I really do think it was a great parenting decision on my parents' part, and I'm glad they did it. Small children do need to learn tech literacy in this day and age, but a 6-year-old absolutely should not be on TikTok or Instagram or whatever. It is more than possible, and in fact a very good idea, to let kids learn how to use computers and phones without rotting their brains on social media before they even know how to spell it.

  • @TetrisMaster512
    @TetrisMaster512 7 หลายเดือนก่อน +5

    It'd be interesting to see older versions of NT, like 4 or even 3.x, and whether they're still actively targeted (or vulnerable to the same exploits that target 2k and XP).

  • @teekatas
    @teekatas 7 หลายเดือนก่อน +12

    boy I miss that old school right click menu animation at 5:28. They don't do that anymore.

    • @jwzm6115
      @jwzm6115 3 หลายเดือนก่อน

      there is a command for registry to get it back for newer version of windows ...

  • @MonochromeWench
    @MonochromeWench 7 หลายเดือนก่อน +6

    Windows 2000 is just too similar to XP RTM to assume anything other than almost immediately getting hacked. 2000 sp4 was released in 2003 meaning it will be vulnerable to anything fixed for xp after 2003. Anything fixed for XP means a public disclosure of what the vulnerability is, effectively zero daying Windows 2000 and is why you never use Windows after support ends it will have known unfixed public vulnerabilities.

    • @morsecypher
      @morsecypher 7 หลายเดือนก่อน

      No, it will not be vulnerable to anything fixed for XP after 2003. Mainstream support for 2000 ended on June 30, 2005, and extended support ended on July 13, 2010. Also, there were patches for 2000 published at least as late as 2015.

    • @MonochromeWench
      @MonochromeWench 7 หลายเดือนก่อน

      @@morsecypher Except in this video he is not using a version of Windows 2000 with all updates applied. As he is using sp4 anything fixed after that is a big problem

  • @astronomersassociation3240
    @astronomersassociation3240 6 หลายเดือนก่อน +2

    i dont know what i expected but it was not getting infected with sasser literally 30 seconds after connecting to the internet

  • @kosratbaway3119
    @kosratbaway3119 2 หลายเดือนก่อน +1

    It also can be Microsoft's own doing to eliminate the usage of older Windows Os.

  • @upthebuffer1921
    @upthebuffer1921 7 หลายเดือนก่อน +12

    What I dont understand is how did the exploit happen? I mean how did the "hacker" get the ip & port for the win 2000 machine? Do they just scan IP's? How does that work as everything is pretty much behind a NAT?

    • @lemagreengreen
      @lemagreengreen 7 หลายเดือนก่อน +7

      Yep, port scanning entire IP ranges.
      As far as I know this guy has the machine completely exposed, bypassing NAT and no firewall running. Also I think I remember him saying it's an Amazon AWS IP or something, a particularly spicy target IP range for anyone port scanning.
      That said it is still quite surprising that the worms (likely Sasser or Blaster) are still out there and still apparently infecting hosts given there has to be basically no new Windows 2000 hosts exposed to the internet.

    • @BlueSheep777
      @BlueSheep777 7 หลายเดือนก่อน +4

      except this isn't behind a NAT, it's a view farm.

    • @GhostGlitch.
      @GhostGlitch. 7 หลายเดือนก่อน +6

      ​​@@BlueSheep777you act like he's misleading viewers. He repeatedly makes it very clear that he is exposing the system directly to the internet. And in his xp video he said it's to emulate how most users were hooked into the intent back in the day when security was significantly weaker.

    • @rossstewart9475
      @rossstewart9475 7 หลายเดือนก่อน +3

      @@BlueSheep777 did you... did you honestly think someone would make a video about Win2k security in 2024 for any reason other than idle entertainment?
      C'mon, now...

    • @BlueSheep777
      @BlueSheep777 7 หลายเดือนก่อน

      @@rossstewart9475 to check if servers running on that version of Windows aren't safe anymore

  • @KaliRoseWolf
    @KaliRoseWolf 7 หลายเดือนก่อน +5

    Id like to see some older/unsecure linux distros & malware/viruses that can effect linux servers

  • @sameash3153
    @sameash3153 หลายเดือนก่อน +2

    Who are these evil people who refuse to let us have fun on older operating systems?

    • @horseathalt7308
      @horseathalt7308 6 วันที่ผ่านมา

      Might be more nefarious that you think. I wouldn't be surprised if MS has these viruses out there to prevent people from using their old versions of software deliberately....=money.

  • @ZaiTheDragon
    @ZaiTheDragon 7 หลายเดือนก่อน

    this is the type of channel where it answers questions before we ask them and then it makes you feel smarter after the video ends

  • @EdwardJr2000
    @EdwardJr2000 4 หลายเดือนก่อน +1

    Finally an Eric Parker video that I can watch on a mobile device without squinting.

  • @leemack4562
    @leemack4562 7 หลายเดือนก่อน +3

    you made my day with this video! the trivia was a nice touch

  • @marcopisco
    @marcopisco 7 หลายเดือนก่อน +1

    Attempted this myself. Kept it up for two hours. Nothing happened (other than a few attempts for port 21 and 80). Nothing hacked it.
    Gave up because I got bored, but I'm considering redoing it

  • @Chowder908
    @Chowder908 7 หลายเดือนก่อน +7

    My question is do virtual machine software like virtual box or VMware allow open Internet connections that attack these older operating systems or is this something you'd have to manually configure to actually open yourself up to this because I like to fiddle with old operating systems and accessing the Internet on them.

    • @frequentfrenzied
      @frequentfrenzied 7 หลายเดือนก่อน +6

      In order to accomplish something like what was done in this video, you would need to manually hook one of your virtual machine host's network interfaces up to an internet connection with no network address translation or firewall in between the two. Then you would need to configure your virtual machine host to pass that physical interface through to your virtual machine, and then configure your virtual machine to either obtain a WAN IP address automatically from your internet service provider's DHCP server if they support that, or set the interface up with the static IP address that was assigned to you by your internet service provider when you initially signed up for their service. You can see him set this WAN IP address up manually on the virtual machine used in this video at 1:55. It is very unlikely that something like what happened in this video would happen to you while you are fiddling with a virtual machine running an old OS at your home. This is because your virtual machine is very likely sitting behind a router that is doing network address translation for all of the devices on your local area network and is also acting as a network firewall that is isolating all of the devices on your local area network from the internet at large. Your router's firewall will block the type of attacks that we saw compromise the system in this video automatically. You still should be very wary of browsing the internet using old, unsupported software though, as your router's network firewall likely will not be able to block all of the malicious scripts that can be embedded inside of websites or downloaded from the internet.

    • @Chowder908
      @Chowder908 7 หลายเดือนก่อน +1

      @@frequentfrenzied essentially as long as I leave settings as default my routers firewall should be able to prevent these attacks as if I were in my host machine? I know the basics of not to click the funny random link and download so I was just curious. Would hate to lose a nostalgic os to malware.

    • @KevinInPhoenix
      @KevinInPhoenix 7 หลายเดือนก่อน

      @@Chowder908 You should be safe behind your router's firewall. I'd stay off the internet which should be easy since you probably can't get a modern browser to run on the older Window OSs. Their old browsers can't display modern web sites.

    • @capulcununteki
      @capulcununteki 7 หลายเดือนก่อน

      ​@@frequentfrenziedIs there a photo or video explanation of how this is done? This sounds very complicated, so far I have never been attacked by a virus when I tried old systems in a VM. I want my virtual machine to be vulnerable to viruses, how can I ensure this?

    • @HVinduction
      @HVinduction 7 หลายเดือนก่อน

      @@capulcununteki The best approach is to use a real machine or a Linux system with VM since Linux has a good software firewall build-in. You need to configure your modem/router to set the IP-address of your PC to a DMZ-host, but warning, the maker of this video is wrong and ALL Windows systems are extremely vulnerable if you set them as a DMZ-host, so DO NOT do this if you are running a Windows host system otherwise you WILL get hacked, in Linux this is pretty safe unless you mess with the root and firewall settings.

  • @fatlip8315
    @fatlip8315 4 หลายเดือนก่อน +1

    Windows 2000 has an Active Desktop! I miss that. It disappeared too early.

  • @brandnewkutta
    @brandnewkutta 7 หลายเดือนก่อน +7

    Eric Parker on a generational run rn, been here since a couple hundred subs keep it up man

  • @youmanyousef
    @youmanyousef 7 หลายเดือนก่อน +3

    It’s so funny that worms are still circulating from decades ago

  • @gitshell
    @gitshell 7 หลายเดือนก่อน +2

    Parfom my ignorance. But what is the network config of the machine? Did you made it public to the Wan? Like, the web can basically initiate a "talk" to it? From my little knowledge, as long as a LAN network is safe - every computer in it is safe- connecting a fossil to it wouldnt be a problem.

    • @howdoiexitvim-i686
      @howdoiexitvim-i686 7 หลายเดือนก่อน

      he's directly connecting it to the internet, no router, no NAT, no firewall, his ip is his computer, not the router just routing ports

  • @PingerSurprise
    @PingerSurprise 2 หลายเดือนก่อน

    Interesting to see that old worms still plague the Internet, just waiting for an old OS to connect.
    Even if those worms aren't too dangerous if contained in a virtual machine, this confirms that it's better to keep a secure connection between the host and guest and browse the web with the host only.

  • @Uhhhhhhhhhhhhhhhhlb
    @Uhhhhhhhhhhhhhhhhlb 7 หลายเดือนก่อน +8

    Who tf builds random virus bots for specifically Windows 2000 machines connected to the open internet?

  • @aonews
    @aonews 7 หลายเดือนก่อน +1

    Windows ME living up to expectations and crashing whenever anyone wants to run some software on it... even the hackers.

  • @UmarBlox5124
    @UmarBlox5124 7 หลายเดือนก่อน +2

    bro you literally turned off all the protections

  • @tlatai
    @tlatai 18 วันที่ผ่านมา

    I have sort of a weird solution to this, where the actual internet connection isn't even on Windows. Use a crossover cable to hook Windows up to a Raspberry Pi with WiFi, setup static IPs, and establish. To use the web from your Pi, you can install a browser called Lynx. Just keep in mind that for better or for worse, it's an entirely text-based browser, so you can use it for reading but nothing with graphics like Space Jam. To access Lynx from Windows you need an SSH client like Putty, which isn't available, but what Windows does come with is an FTP client. So you can setup an FTP server on the Pi and use it to transfer the SSH client to Windows. However, the algorithms supported by old versions of Putty are outdated, so you'll have to enable them, but once you do you'll be able to SSH the Pi and browse the web. And you'll be able to use Linux from your old Windows machine (I use a Win98 Compaq)

  • @afandiyusuf04
    @afandiyusuf04 7 หลายเดือนก่อน +1

    nowadays virus : It's all about money.
    20 years old virus: It's about sending a message.

  • @eyelmejor1388
    @eyelmejor1388 7 หลายเดือนก่อน +4

    i just discovered your channel, its great, keep it up!

  • @gabrielleeliseo6062
    @gabrielleeliseo6062 7 หลายเดือนก่อน +4

    You CAN connect Win 2000, 98, 95 to the internet...but you have to be careful WHERE you surf, or you'll get some fun.

    • @nathanielcleland6566
      @nathanielcleland6566 7 หลายเดือนก่อน +1

      Thing is I recently compiled an application and ran it on 2000, but I still haven't managed to get it running on ME (real hardware for both).
      Windows 2K needed a couple of XP only functions that are used by the modern Microsoft C runtimes. These were actually fairly trivial to implement as stubs if they're not implemented in kernel32 (runtime resolution), things like EncodePointer.
      But to target 9x is more complex, as you need Unicode support (there is a library for that), and substantially more functions. Plus you have to set the headers correctly, and I can't find any documentation about what 9x actually looks for here!
      If you don't actively target 9x your malware is unlikely to work on it these days. And who targets 9x!?

    • @тестирование
      @тестирование 3 หลายเดือนก่อน

      No. They exposed all ports to the nat so they got hacked fast

  • @lilkhalil616
    @lilkhalil616 3 หลายเดือนก่อน

    So the 2000 internet and 2007 internet is different from each other

  • @darkbasement1
    @darkbasement1 7 หลายเดือนก่อน +2

    windows 2000... the start of the home and pro era

  • @BhaktaRobin
    @BhaktaRobin 6 หลายเดือนก่อน +1

    NAT behind routers stopped this. since people do not use dail up connections and instead have broadband routers this stopped

  • @beftlidev
    @beftlidev 7 หลายเดือนก่อน +2

    3:05 This smile was personal 😅

  • @NguyenHoang-pv2xd
    @NguyenHoang-pv2xd 13 วันที่ผ่านมา +1

    Another reason use Windows 2000 Extended Kernel to run modern web browser, hardcore retro gaming, because not all retro hardcore gaming to support Windows 10/11, because multiplayer gaming hardcore retro on Windows 2000 Extended Kernel.

  • @FFusioNN
    @FFusioNN 7 หลายเดือนก่อน +2

    You were at like 5k subs just a week ago, loveee your content man!

  • @vladislavkaras491
    @vladislavkaras491 7 หลายเดือนก่อน +1

    Well, that was quite fast! :D
    Thanks for the video!

  • @BarnabasFabian-og9xq
    @BarnabasFabian-og9xq 7 หลายเดือนก่อน +1

    i really dont understand how they do it so fast. Like you basically type in google, and youre hacked how do they know the ip range and stuff they should be looking for?

    • @EricParker
      @EricParker  7 หลายเดือนก่อน

      mass nmaps

  • @thedylansang
    @thedylansang 7 หลายเดือนก่อน

    All these kinds of videos have been interesting to me, as long as I've believed that nothing could go wrong connecting an older version of Windows to the internet.

  • @astrocent
    @astrocent 7 หลายเดือนก่อน +1

    I just dont understand how. Who found you that fast and how did they see you? Just by simply going to Google?

  • @Osakarmakun
    @Osakarmakun 7 หลายเดือนก่อน +3

    I feel like this video is kind of false because I have been using Windows 2000 with Extended Kernel on my second machine connected to the internet, and nothing has happened.

    • @ryoPL2142
      @ryoPL2142 7 หลายเดือนก่อน +5

      This VM is connected directly with ports open, while yours is probably behind router. Thats like having your home front door open all the time. This is to show how weak the security is if exposed to a worst case scenario. Behind a router and functioning brain using old OS is mostly safe.

    • @scottkrafft6830
      @scottkrafft6830 2 หลายเดือนก่อน

      Same here

  • @Ozzy_Helix_
    @Ozzy_Helix_ 20 วันที่ผ่านมา

    could you be experiencing BSOD messages because of the AMD engineering sample?

  • @dovacon7409
    @dovacon7409 หลายเดือนก่อน

    8:25 i had that problem with my windows 7, it didnt start because userinit.exe didnt automatically start. So maybe its the same problem? I also "fixed" it by either starting explorer.exe or userinit.exe

  • @markusTegelane
    @markusTegelane 6 หลายเดือนก่อน

    6:07 that's system properties, because it says rundll target is sysdm.cpl, which if you put into a run dialog, opens system properties

  • @ENNEN420
    @ENNEN420 7 หลายเดือนก่อน +1

    This either an instant Sasser infection or instant Endless blue exploitation. I don't know the associated error codes (it's been nearly 20 years since I've dealt with Sasser) but I think it would be really funny if Sasser was still online lmao

  • @fragalot
    @fragalot 7 หลายเดือนก่อน +1

    I don't understand how random file can just suddenly appear like this and be executed. when you popped over to Virustotal and a lot of the malware was listed as a trojan but isn't a trojan something you have to download (pretending to be something else) and execute yourself?

    • @lPlanetarizado
      @lPlanetarizado 7 หลายเดือนก่อน

      that just shows you how vulnerable this old OS is, nowdays isnt that easy
      the thing is if you have a bug that allows you to execute code, you can allocate code to download and execute that dont need the user to do anything

    • @BlueSheep777
      @BlueSheep777 7 หลายเดือนก่อน

      ​@@lPlanetarizadothis wasn't even behind a NAT...

    • @lPlanetarizado
      @lPlanetarizado 7 หลายเดือนก่อน

      thats true....but even then you could get hacked, just not this quickly

    • @baumstamp5989
      @baumstamp5989 7 หลายเดือนก่อน

      you are correct!!

  • @eduardoroth8207
    @eduardoroth8207 7 หลายเดือนก่อน +1

    found your channel, and immediately subscribed after seeing what your content is like

  • @pajamaboy67
    @pajamaboy67 5 วันที่ผ่านมา +1

    how are you making win2000 run on like 200fps 😭

  • @descubriendointernet5817
    @descubriendointernet5817 7 หลายเดือนก่อน +1

    And with a firewall like zone ⏰ alarm????

  • @Masterix.
    @Masterix. 7 หลายเดือนก่อน +1

    Hi, I'm sure you've already somewhere answered this question, but what distro are you using?

  • @Qazwsxedc165
    @Qazwsxedc165 7 หลายเดือนก่อน +1

    When it comes to windows update. Microsoft stopped allowing OSes using SHA-1 hashing from updating. So patched windows 7 is the earliest OS that can use windows update. You can update 2000 with legacy update i think.

  • @Prism019
    @Prism019 7 หลายเดือนก่อน

    1:40 The CPUID instruction, when called to get the processor branding string will literally move an ASCII string literal into the registers EAX, EBX, EDX, and ECX.

  • @markshade8398
    @markshade8398 7 หลายเดือนก่อน

    4:55 how did software "permanently destroy your motherboard"?
    Short of overwriting the bios I'm not sure that there would be any such thing and even then the bios chip could usually be replaced.

    • @rossstewart9475
      @rossstewart9475 7 หลายเดือนก่อน

      The virus in question, CIH, zeroed the first meg of your boot drive and corrupted a bunch of different BIOS chips; These things were technically recoverable, but we're just at the tail end of BIOS chips being through-hole rather than SMC, so YMMV - and either way, it's not really intended as a *user* servicable part; If you took that to your local computer shop, they'd tell you to replace the board because it would probably be cheaper.

  • @LeeZhiWei8219
    @LeeZhiWei8219 7 หลายเดือนก่อน +1

    Man, this is awesome content. Saw your "What happens if you connect Windows XP to the Internet In 2024." Intriguing!

    • @LeeZhiWei8219
      @LeeZhiWei8219 7 หลายเดือนก่อน

      Perhaps you might wanna use Legacy Update, newer replacement for the good ol Windows Updates. Then patch the system to it's latest.

  • @donaldnemesis393
    @donaldnemesis393 4 หลายเดือนก่อน

    I like how they still attempt to sent the 20 years old worm that only works on the ancient windows

  • @ph7947
    @ph7947 7 หลายเดือนก่อน +2

    great video lets see more pls :D very intresting seeing effects and explorer the virus

  • @apple_ilev5s
    @apple_ilev5s 7 หลายเดือนก่อน

    4:00 this just proves how mighty modern technology is, preventing you from worms like sasser trying to infect you every minute

  • @LolWutMikehSM
    @LolWutMikehSM 7 หลายเดือนก่อน +1

    the system shutdown ui can be aborted with run -> shutdown -a, there are other syntax you can use other than -a for abort that generate it in different ways. It's how we used to make our friends fake viruses back in the day. It very much DOES shut down the PC. Whats likely happened here is that something wants to enable persistence and needs you to restart.

    • @leepicstitch
      @leepicstitch 7 หลายเดือนก่อน

      Sasser and Blaster both cause the computer to shutdown like that. The machine was infected by one of those immediately.

  • @yuripromonkey9171
    @yuripromonkey9171 7 หลายเดือนก่อน

    I had nightmares thinking about WIndows XP getting exposed by hackers in a minute or so, but this happens when you use Windows 2000 and the BSOD shows up on crash while hackers try to catch you with malware or any other kinds of viruses that you don't expect to come. Same thing goes when you use use Windows NT 4.0. It is a nightmare to have such old Windows OS in 2024. I wish I didn't believe it.

  • @narcs.
    @narcs. 7 หลายเดือนก่อน +1

    You were just featured on some ordinary gamers channel, came racing back to check your sub count to see if it’s risen and it has quite a bit

  • @HouseOfFunQM
    @HouseOfFunQM 7 หลายเดือนก่อน +2

    It’s weird because you seem to know what you’re talking about, but… somehow you’ve never seen what Sasser or Blaster look like?

  • @jasonluong3862
    @jasonluong3862 7 หลายเดือนก่อน

    In terms of stability, Windows 2000 Professional was a rock. XP came along making it more versatile. Therefore in terms of improvements on a previous product, Windows XP is king.

  • @MatthewCenance
    @MatthewCenance 7 หลายเดือนก่อน +1

    Are you hosting malware on the host PC, or is the VM actually getting infected from real websites?

    • @frankbucciantini388
      @frankbucciantini388 7 หลายเดือนก่อน

      The VM is exposed to the internet with every port open. There are bots scanning the whole IPv4 address range 24/7, mainly from Russia and China, trying to infect vulnerable targets automatically. In this case, they succeeded. TL;DR you don't need to browse the internet and visit malicious websites to be infected, the IPv4 address space is so little in today's terms that those bots will find you and will infect you, it's just a matter of time.

  • @VibeMD
    @VibeMD 7 หลายเดือนก่อน +1

    I don’t get these videos. Who’s looking for and attacking your open ports? Am I missing something?

    • @frankbucciantini388
      @frankbucciantini388 7 หลายเดือนก่อน

      bots scanning the entire IPv4 address space 24/7, mostly from Russia and China.

  • @bmkhalidhasan
    @bmkhalidhasan 7 หลายเดือนก่อน

    Do you use virtual machine or you screencapture using display output?

  • @RichardPhillips1066
    @RichardPhillips1066 7 หลายเดือนก่อน

    I tried with windows 98, and NO mainstream browser would install. The default made a total mess of websites

  • @censoredeveryday3320
    @censoredeveryday3320 7 หลายเดือนก่อน

    My favorite bug in Windows 95, 98, 2000 back in the day was the IP Fragment overlap bug. You could send a packet to a host with a specially crafted TCP ip packet with invalid ip fragments and when the kernel tried to reassemble the packets back together, kernel would blue screen. I used to run this code on a cron job and crash coworker machines, printers, and other stuff on the network.

  • @bwack
    @bwack 7 หลายเดือนก่อน

    From what I remember from 20+ years ago, playing around with Windows 2000 installs on my pc, at some point in time, the machine got infected like yours by simply pluging the ethernet cable. I remember that the service packs fixed it, back then. ca 2001-2002 :)

  • @AmperSand666
    @AmperSand666 7 หลายเดือนก่อน

    I'm curious if you have an Windows NT 4.01 to try, as far as I remember was extremely robust - and because of this, not very user friendly.

  • @mainfalsedata
    @mainfalsedata 7 หลายเดือนก่อน +4

    Happy to see you doing all these!

  • @saop94
    @saop94 7 หลายเดือนก่อน

    How is it possible to get a virus by just connecting to the internet? I thought you have to enter to some web page and accept adds or install something

  • @toddfraser7009
    @toddfraser7009 7 หลายเดือนก่อน

    Are you running this 2000 install exposed directly to the internet? or with a router firewall?

  • @oguzhankarahan1737
    @oguzhankarahan1737 7 หลายเดือนก่อน

    The introduction of the video reminded me Windows XP. Ah, I missed that legend too much.

  • @veryseriousperson_
    @veryseriousperson_ 7 หลายเดือนก่อน +1

    Wait so you can get a malware just by connecting to the Internet? but how, like you aren't downloading or visiting malicious websites.

    • @EricParker
      @EricParker  7 หลายเดือนก่อน +5

      Because if it's exposed to the internet you can just scan for vulnerable ports.

    • @satunnainenkatselija4478
      @satunnainenkatselija4478 7 หลายเดือนก่อน

      @@EricParker But what kind of internet connection do you have because I cannot even remember the last time I had a service provider that allowed inbound connections? It must have been at least 15 years ago.

    • @kunka592
      @kunka592 7 หลายเดือนก่อน

      @@satunnainenkatselija4478 Set your modem to bridge mode and connect a PC with an old OS to it and maybe you can have fun, too.

  • @Yadobler
    @Yadobler 6 หลายเดือนก่อน +1

    I agree, win2000 startup really nostalgic and compared to XP (which Tbf is more nostalgic) win2k has some tinge of Internet but no mobile phone.
    Idk why but I think of the wtc, I guess pre-2001 vibes. You'd see movies and the airports were like bus terminals.
    I think 2000 was just nice in that it was still old enough to be the "good ol times" of developed world, but recent enough for most countries to be over with post-ww2 civil war / cold war tragedy