How long does malware last "in the wild"?
I watched this YouTube video where the uploader connected a Windows 2000 virtual machine directly to the internet, no NAT or firewall.
Within minutes, his VM is infected with malware, the overwhelming majority of which is quite old. No browsing is needed, no executing of strange downloads, he simply connects and is infected.
Why does this happen for systems that are 20+ years old? Obviously they no longer get security updates and the exploits themselves still exist on those systems, but I would have thought that the malware using ancient exploits eventually "dies out" in the wild as there becomes progressively fewer and fewer older hosts to sustain it. Are there threat actors still maintaining large botnets of Windows 2000 machines simply to infect more 2000 machines? What would be the motivation behind this if these infections are essentially powerless against modern systems? I can't imagine there are that many systems still running Windows 2000 without being behind their own router at the very least, so how are there enough infected hosts enough to scan and infect new machines that quickly?
(Likely) Alternative: Needless to say infosec is not my field. Am I simply misinformed in how these viruses spread so rapidly, and are the actual infection methods completely independent of volume of hosts?
