Windows rage reached highpoint...



mistic
January 27th, 2005, 09:11 PM
Life can be tough,

Especially when you're a linux user, in a school sponsored by Microsoft... It generates hate, massive amounts of hate.

One day that had to come to an outburst, that day has come...

After a wickedly hard final on Windows 2003 Active Directory I came home and saw the test-rig I had installed windows2003 on... I felt a rush go through my head... This windows had to DIE, and painfully...

So I opened up IE and disabled ALL security blockings, allowed ActiveX to run whatever it wanted, and then started surfing some sites that are renowned for the greater good of the internet... www.porno.com and more of the like, this surfing started to yank at the resources of my victim... Then I went on, first installing the messenger 7 beta, then about 5 toolbars for IE, now this was great for getting the juice going, process requirements went through the roof!

Then came the first 'fatality'-hit! I installed Kazaa! the full edition! It was struck down! And struck down hard! As soon as kazaa was installed, all IE-windows froze for about 5 minutes...

I was just about to give up on my victim when suddenly a burst of action took hold of my HD! On and On and On it went! Trying to make its suffering a little longer... So I gave it the equivalent of a salted towel for a bloody wound... I installed MS antispy... Warnings were raised all over!!! jeeeeeeeeeeeej Suffer!

Then came another blow! out of the blue I ordered a reboot! Took the victim 30 minutes (!) to shut down and another 10 to boot up again... When it came up, it still took 12 minutes for the 'administer your server'-wizard to come up again, although already 4 pop-ups had appeared on the screen begging me to start gambling... I already noticed a fancy icon on my desktop saying 'start gambling now'... So I clicked it :) Down it all went! system resources went berserk again...

K time for another site! www.warez.com would be it! IE went open (and closed within 2 seconds for 6 times) and there were the 5 toolbars once again... warez.com offered us a p2p-program, so to support kazaa, we installed "warez"... all looked well as our victim was crumbling under our repeated lashes... More pain was needed... Let's go searching for bonzi buddy! In ALL toolbars at the same time :) Pop-ups were bestowed upon us! Finally we came to the download-section, we started the download, suddenly it asked us to trust all software made by the makers of bonzi buddy, of course we agreed, cause a company that created a monkey, so cute couldn't possibly want bad things for our PC???? An error occurred during the install of bonzi buddy, suddenly the Antispyware agent went off!

We allowed everything to be installed... While bonzi buddy was installing we got bored... so we decided to go after the mother of all spyware... GATOR... just arriving on gator.com-download-page is apparently enough to get it installed, now isn't that handy? now suddenly a pop-up warned us that spyware might be on our system! TRULY? NOW YOU WOULDN'T SAY! OW now isn't that great?? gain will automatically keep track of my VISA-CARD information AND my address! it will even fill out the forms on the websites I visit so I don't need to type the whole time...


Then it asked for mercy! Bonzi buddy needed to reboot the system! let's be nice... but not really, it would get its reboot, but just not really nice! Hard reboot it was, out went the power cord!
We watched invigorated as the windows-system tried to boot... As the system booted (generating massive amounts of network-traffic) it became apparent there was a utility on the desktop called 'Speed up my computer', it sounded great since the damn thing was really slooooooooooow... so upgrade it... but before we could click it, it all froze... a few minutes later, again a burst of activity, again system resources went to hell... popups flew around, msn killed the rest of the resources and then it all went dead once more... This time it didn't take as long to recover for my victim, so my next blows would have to be decisive... I still wanted to do the speed up my computer thing so I first tried that... Ah damn you have to pay for it...

Then I got an idea, I decided to search google for 'worst malware ever', the first non-virus that popped up was ezula... fun thing is, they MAKE spyware, and sell Anti-spyware :-) btw they call their product Contextual Advertising Solutions...

Then I decided I wanted to make this a rewarding experience, so I started monitoring the traffic generated by this machine... Although we weren't surfing, it just kept on making www-connections... I've added a couple of the results from my scanning and logging...

Then all IE's disappeared for the 5th time in a row... for some reason we can't have 1 IE window open, it always spawns more of its companions, taking up all resources it can find... This machine has been effectively totally immobilised, IE freaks out like hell, all resources are constantly under maximum stress... We've destroyed a windows-server-installation in under 4 hours by just using it like at least half of the people on this world use it...

I suggest everyone who ever gets frustrated to do this, it feels rewarding and if you monitor its output on the network, you learn a lot, and getting the spyware sometimes makes you understand how they trick 'regular people' to get it...

But please don't do it with viruses, it isn't as rewarding and really just too easy...


NOTES:
******

- all used spyware / software was just gotten from the internet, straight from the sites where they are officially hosted...
- The windows 2003-version is a legal trial version, I got at school with my MOC about windows 2003, it was fully updated with the latest patches from windows 2003
- The OS is almost totally unusable, resources are hogged to the max, no applications run smooth and even simple stuff (taking a screenshot) is almost undoable...
- Please note that to please the PC, I immediately installed Lnx on it again to make it happy, now it's happily running and being stable...

pictures from the killing:
Ezula (http://users.skynet.be/mistic/killingWindows1/EZULA.JPG)

Pop-ups (http://users.skynet.be/mistic/killingWindows1/POPUPS.JPG)

bonzi buddy error (http://users.skynet.be/mistic/killingWindows1/bonzi.buddy.error.jpg)

more popups and unwanted sites (http://users.skynet.be/mistic/killingWindows1/more.popups.jpg)

Begging for reboot (http://users.skynet.be/mistic/killingWindows1/please.reboot.me.jpg)

system load (http://users.skynet.be/mistic/killingWindows1/systemload.jpg)

Warez.com (http://users.skynet.be/mistic/killingWindows1/warez.com.jpg)

the logfile (http://users.skynet.be/mistic/killingWindows1/killingWindowsLog1.txt)

One more hint for all of you: sometimes you just have to let it GO...

BWF89
January 27th, 2005, 09:43 PM
Nice...

fng
January 27th, 2005, 09:54 PM
mistic ... from belgium ... q3 player?

jerome bettis
January 27th, 2005, 10:26 PM
well done!

what's really funny is i've seen friends' computers even worse than that, and none of it was intentional.

Yukonjack
January 27th, 2005, 10:34 PM
Hehehe :)

jdodson
January 27th, 2005, 10:38 PM
that is a really cool way to take down a windows machine. i am wondering what all that traffic was about. perhaps you were zombified and your computer was spewing out spam emails or something.

i wonder how long it would take an unfirewalled win95, 98, me, 2000, xp machine to get compromised. i think someday i will put a 95 box on the net and see. then a 98 box, etc. i read an article somewhere on the net that said an xp box with SP1 was compromised in 15 minutes of putting it online. or maybe that was within getting a virus.

jakeslife
January 27th, 2005, 10:55 PM
Zimbabwe take down!

machiner
January 28th, 2005, 12:35 AM
Beautiful, man - just beautiful.

I have cleaned/repaired/llf countless machines that were just like yours...but they all did it to themselves "accidentally"

Makes me want to go and do the same right now on a new winxp install on my kids' box...( hey now -- I'd FIX when I was finished!)

jdodson - recent "official" reports say that currently:

it takes about 20 minutes for a "stock" winxp machine to become compromised and
about 3-4 months for a "stock" linux machine.

I want to have a windows license burning party. I think I have a zillion of them.
Maybe burn some CD's as well...we can set it up like Burning Man (http://www.burningman.com/)

bitfoo
January 28th, 2005, 12:51 AM
by jdodson
that is a really cool way to take down a windows machine. i am wondering what all that traffic was about. perhaps you were zombified and your computer was spewing out spam emails or something.

i wonder how long it would take an unfirewalled win95, 98, me, 2000, xp machine to get compromised. i think someday i will put a 95 box on the net and see. then a 98 box, etc. i read an article somewhere on the net that said an xp box with SP1 was compromised in 15 minutes of putting it online. or maybe that was within getting a virus.

It only takes 4 minutes for it to be compromised.

http://www.oreillynet.com/pub/wlg/6000

TravisNewman
January 28th, 2005, 01:03 AM
While the end result in the screenshots did make me giggle, you kinda started sounding maniacal there, speaking in the plural and everything. Like Smeagol/Gollum (no, I don't know if I spelled them right) or something.

But once I went on a toolbar download craze. I didn't intentionally get spyware only, I had google, yahoo, etc, I just wanted to see how many toolbars I could get in one window. By the time it was all over, it was about 2/3 toolbar, 1/3 page view. Kinda funny and surprising that it still worked.

Oh and this was all when I was at work. *L* The lady who brought it in was upgrading and wanted everything wiped out, and we were waiting on parts, and there was nothing to do that day, so ;)

machiner
January 28th, 2005, 01:05 AM
Yeah - I was thinking it was 4 minutes, but I was going from memory -- sometimes a bit foggy.

Thanks for the correction.

DirtDawg
January 28th, 2005, 01:11 AM
haHA! Hilarious!

Buffalo Soldier
January 28th, 2005, 03:06 AM
dude, u're born on 19th February? :)

mark
January 28th, 2005, 04:17 AM
Considerably more inventive than I was...my last Windows install I finally dd'd into oblivion.

Call it a mercy killing...

CyberCam
January 28th, 2005, 04:44 AM
LOL! Man... I almost puked while busting my gut laughing at this post! I can't begin to tell you how many pc's have come across my work bench in the same or worse shape. The funny thing is the dumb @ss look people give you ("I don't know how that happened... it wasn't me?") when you inform them that their pc has been bogged down with crap. :-P

poofyhairguy
January 28th, 2005, 07:06 AM
by bitfoo
It only takes 4 minutes for it to be compromised.

http://www.oreillynet.com/pub/wlg/6000

Less than that. The first time I put my XP box on the Verizon DSL network without a firewall, I had 15 viri in less than a minute of it being plugged in. Took me a week to clean it.

nocturn
January 28th, 2005, 08:53 AM
Hey, You're from Belgium too (saw the skynet link for the pictures).

I know how you feel, I went through MS sponsored IT schooling too. They even forced a contract on the school that literally said that to get the discounts, they had to remove all non MS-systems, including two AIX servers...

mistic
January 28th, 2005, 09:58 AM
by Nocturn
Hey, You're from Belgium too (saw the skynet link for the pictures).

I know how you feel, I went through MS sponsored IT schooling too. They even forced a contract on the school that literally said that to get the discounts, they had to remove all non MS-systems, including two AIX servers...


Yes indeed I'm from Belgium.

My school didn't have to remove all non-MS-systems, but they do force students to buy a yearly licence for the MSDNAA-thing (1st year: 150 Euro, 2nd year: 200 euro and 3rd year: varying between 100 euro and 300 euro depending on which specialisation you do) And that's just for one year, and we are not allowed to make anything we can make money with since it's just 'Student licences'...

A lot of the teachers in my school are REALLY windows-minded. All school-student-communication goes through 'virtual'-means. But none of the school-sites work under linux, the main site even has a script going


If browser = Internet Explorer then

Showmenu()


So if your browser is not IE, it won't show a menu! (luckily this is easily fixed by a 'user agent switcher') The webmail from school won't even open in firefox... Plus there are teachers in the first year discouraging students to install Linux 'You can't do anything with it!' is their statement... Now you can probably understand why we (the linux users) sometimes get a bit agitated...


by poofyhairguy

Less than that. The first time I put my XP box on the Verizon DSL network without a firewall, I had 15 viri in less than a minute of it being plugged in. Took me a week to clean it.



Yes indeed, that is what happened to my brother too, so now he's running linux... He had done a fresh install on his box, using win XP, when he was done configuring ADSL, he went to bed, next morning his win XP was dead... all by itself, so he called me to ask for relief, and I told him I could make sure he would never have viruses again... then I installed linux :-)

I want to thank you all for the great replies :D Next up is a Win XP box... a friend of mine brought it in for destruction, it was his testing rig, so we will continue this search in the best way to wreck a windows by using it... Without viruses... Next time we will spend more time logging and stuff so more will be learnable to us...

Greetz
Mistic

orion_114
January 28th, 2005, 10:13 AM
I think this definitely ranks as the funniest post on the forum eva !!!

Perfect Storm
January 28th, 2005, 10:58 AM
:D Great thread!!! =D>

I know that situation, most of the PCs at my work were with winblows until I got hired. It was a bloody mess. But now 2/3 of the computers are running Linux (that's the privileges when you're in charge of the IT at your work 8) ) 1/3 Mandrake and 1/3 Ubuntu and the last 1/3 winblow 2000 pro.

Jad
January 28th, 2005, 12:24 PM
anyone noticed how slow XP is after SP2? :D

machiner
January 28th, 2005, 04:46 PM
SP2 won't save you....but; I'm gonna do it.

I found an old 4GB maxtor drive. I'm going to install winXP, leave those services running (server, web client, remote anything...), no firewall...all that...

I'll run some monitors to see what's attacking, if anything (we all know I'll be compromised quickly).

I haven't done anything like this since I set up a sandbox to test our firewall on our secure network...what was that firewall???

I won't let the websites install any crap until I see that I've been compromised....but I might let a virus come on just for giggles...see what it does. Let some trojans run...

...but then I'll have to block outgoing, ey...

I think this will be fun.

machiner
January 28th, 2005, 06:45 PM
I'm posting from my winxp install now -- it was scary how quickly I was affected....my ethernet activity light never stopped once I was connected -- every port between 1-5000 is listening...there are multiple connections to my machine on various ports both in and out.

It took less than 2 minutes once I was connected.

There are 5 new startup proggys in my /hklm/etc/etc...run registry entry

one file called win2.txt in my C:/ directory (it's 1kb) I've never seen this before...

woohoo!

I have cmd open with netstat -a running...every few moments I give the command again...it takes a Looong time for the scrolling to stop.

Most of the net connections are just listening, but I have connections on multiple ports from multiple addresses.

Woohoo!!

I just installed x-netstat 5.1 and the google toolbar...gonna reboot.

--->edit<----

Got infected with Sasser quickly...IE is slow as a dog and I'm putting firefox on.

After that I will install anti-virus, then after that nuke the whole install...

It was fun (safely on a standalone spare drive) and very quick!

Thanks to the original poster and wrecker of windows...rock on.

machiner
January 28th, 2005, 08:12 PM
I went to trend micro's online virus scan site -- it found 3 viruses (after I removed sasser).

I'm not adding all those IE utilities and enhancements that the original poster did - I just want network action -- with a default (no updates) XP install.

After the virus scan - I let the service delete the files it found.

Then I installed microsofts beta (1) spyware monitor/cleaner...it found one piece so I told it to remove it.

Now the real menace...I went to astalavista3.box.sk and searched for a turbotax crack (kids - don't do this at home on your windows machines unless you're an idiot, like the pain, or empirical and well protected)

I clicked on the 3rd or 4th listing...went to a new window, clicked on the turbotax premium 2002 link and did as instructed. You must answer yes to download...

I clicked yes...as we all know - I was immediately inundated with malware....then microsofts scanner popped up catching much of what went on - removed some, blocked others, (then IE crashed) but it was too late.

Now - running a new scan with msofts new tool :

15 spyware threats found
2 memory processes infected
23 spyware files infected
167 registry keys infected

I must say that I'm pretty impressed. The viruses were deleted by trendmicro (ancillary files not checked, I deleted the instances from the registry - start up proggys)

microsoft scanner just finished cleaning and it wants to reboot my machine.

....reboot

machiner
January 28th, 2005, 08:22 PM
well - neither service did much.

I still have the same viruses (except for winservices.exe (or something like that) that's gone) loaded....and microsofts spyware scanner was not too successful at removing much.

Oh, and running sysedit now yields errors... I have to check config.sys et al individually.

So - just goes to show you either that:

these companies cannot be trusted
malware is too tough to handle
winxp is completely fcked

I'll take all three, Bob...and the mystery behind door number 3.

Well...back to Ubuntu.

happy computing

mistic
January 29th, 2005, 10:38 AM
Well have to go home for the weekend...

A scared winXP is waiting for my return :-) It will suffer as soon as I've got time for it...

I'm really starting to enjoy this stuff, maybe we should make a league :-)

greetz
Mistic