Microsoft: Malware preloaded on PC production lines in China

The company finds cybercriminals had infiltrated unsecure supply chains to hijack brand new computers, prompting an operation to disrupt the emerging Nitol botnet, and over 500 other strains of malware.
Written by Ryan Huang, Contributor

Several new computers in a Chinese factory were found to have been infected with malware which was installed there, according to a study by Microsoft. This helped the company obtain a United States court order giving it permission to tackle the network of hijacked computers infected with the Nitol malware.

In a blog post Thursday, Microsoft said the viruses were discovered, when as part of study to confirm speculations, its team of investigators bought 20 PCs, 10 desktops and 10 laptops from different cities in China. Four of the brand new computers were preloaded with malicious programs.
Microsoft was then able to secure a court order to tackle the malware network, in its effort it codenamed "Operation b70". It later found that cybercriminals had infiltrated unsecure supply chains to introduce counterfeit software embedded with malware.

"We found malware capable of remotely turning on an infected computer’s microphone and video camera, potentially giving a cybercriminal eyes and ears into a victim’s home or business. Additionally, we found malware that records a person’s every key stroke, allowing cybercriminals to steal a victim’s personal information," said Richard Domingues Boscovich, assistant general counsel of Microsoft's digital crimes unit, in the blog post.
One virus found was called Nitol, which helps criminals steal from online bank accounts with stolen information.

"The Nitol botnet malware itself carries out distributed denial of service (DDoS) attacks that are able to cripple large networks by overloading them with Internet traffic, and creates hidden access points on the victim’s computer to allow even more malware," said Microsoft in the post.
Nitol had attempted to connect to a command-and-control server on a domain owned by a Chinese company, 3322.org. Microsoft said the court order allowed it to seize control of the Web domain and "significantly limit the spread of the developing Nitol botnet".

Editorial standards