Friday 19 October, 2012
A Microsoft study has found a number of computers coming out of the factory with malware already installed. Cybercriminals had somehow infiltrated an insecure supply chain and infected the PCs before they even went on sale.
Microsoft’s Digital Crimes Unit (DCU) purchased a number of computers from stores in different cities in China. It found that 20 percent of them were infected by a botnet called Nitol. Each of these computers, when first turned on, began searching online to connect to their command center and start relaying data.
The Digital Crimes Unit was examining the computers for counterfeit software when it made this discovery. Nitol and other malware programs are often spread through counterfeit software: when the counterfeit program is installed, the computer becomes infected.
The Nitol botnet steals user names and passwords and sends them to a control center where they can be distributed to hackers. It’s used mostly for gathering data about financial accounts and transactions.
Nitol is just one piece of malware that was found in the computers. Although it was the most pernicious, other programs were dangerous as well. One program in particular gave hackers access to the computer’s audio and video capabilities, allowing them to see directly into the user’s home.
The Launch of Operation b70
The discovery of malware-infected computers in China has prompted Microsoft’s security team to launch an attack to take down the Nitol botnet as well as 500 other malware programs. It received permission from a US court to go after the network of computers running Nitol. It’s being called ‘Operation b70.’
The directive from the court allows Microsoft to take control of the 3322.org domain, a domain in China where Nitol as well as a number of other attacks have come from. The owner of the domain denies knowledge of the programs, but there is widespread evidence that it has been used for malicious attacks since 2008.
Operation b70 has already found four computers infected with malware before they hit stores in the US.
How Big Is the Problem?
Right now, the problem of computers with factory-installed malware is not widespread, at least not outside of China. But the discovery has security experts worried. What it means is that cybercriminals are using more sophisticated methods to infect our computers. Installing malware programs on the factory floor before the PCs even get to stores is a bold move.
Consumers have always been warned about downloading and installing dodgy programs because of the malware they may contain, but there’s little you can do if the malicious programs were installed before the computer even hit the marketplace. This means that malware threats are growing increasingly serious.