Microsoft: Malware preloaded on PC production lines in China

Summary: The company finds cybercriminals had infiltrated insecure supply chains to hijack brand new computers, prompting an operation to disrupt the emerging Nitol botnet and over 500 other strains of malware.

Several new computers in a Chinese factory were found to have been infected with malware which was installed there, according to a study by Microsoft. This helped the company obtain a United States court order giving it permission to tackle the network of hijacked computers infected with the Nitol malware.

In a blog post Thursday, Microsoft said the viruses were discovered when, as part of a study to confirm speculation, its team of investigators bought 20 PCs (10 desktops and 10 laptops) from different cities in China. Four of the brand new computers were preloaded with malicious programs.

Microsoft was then able to secure a court order to tackle the malware network, in an effort it codenamed "Operation b70". It later found that cybercriminals had infiltrated insecure supply chains to introduce counterfeit software embedded with malware.

"We found malware capable of remotely turning on an infected computer’s microphone and video camera, potentially giving a cybercriminal eyes and ears into a victim’s home or business. Additionally, we found malware that records a person’s every key stroke, allowing cybercriminals to steal a victim’s personal information," said Richard Domingues Boscovich, assistant general counsel of Microsoft's digital crimes unit, in the blog post.

One virus found was called Nitol, which helps criminals steal from online bank accounts with stolen information.

"The Nitol botnet malware itself carries out distributed denial of service (DDoS) attacks that are able to cripple large networks by overloading them with Internet traffic, and creates hidden access points on the victim’s computer to allow even more malware," said Microsoft in the post.

Nitol had attempted to connect to a command-and-control server on a domain owned by a Chinese company, 3322.org. Microsoft said the court order allowed it to seize control of the Web domain and "significantly limit the spread of the developing Nitol botnet".

Topics: Security, China, Hardware, PCs

About

Loves caption contests, leisurely strolls along supermarket aisles and watching How It's Made. Ryan has covered finance, politics, tech and sports for TV, radio and print. He is also co-author of best seller "Profit from the Panic". Ryan is an editor at ZDNet's Asia/Singapore office.
