According to a recent investigation by Microsoft, brand new laptop and desktop computers sold in China contain preinstalled malicious software, which has already infected millions of computers around the world. The malware, which is embedded in counterfeit versions of Microsoft’s Windows operating systems, is designed to spy on users and conduct denial-of-service attacks, Microsoft stated.
In addition to that, the company warned that these findings bring up new questions over the integrity of computer-part supply chains. According to Assistant General Counsel for Microsoft’s Digital Crimes Unit Richard Domingues Boscovich, “Cybercriminals are out to get you. They will do whatever it takes. If the supply chain is how they’re going to get on, that’s what they’re going to do.”
Microsoft’s investigation, which it has dubbed “Operation b70”, culminated with the shutdown of the command-and-control system connected to all the computers infected with “Nitol”. Nitol is a piece of malicious software known as a rootkit, which was preinstalled on some of the examined computers. The virus was able to quickly spread through removable drives.
Microsoft has led an aggressive push against counterfeit software, as well as against botnets, in order to stop the source of the illegal activity, which was primarily targeted at Windows users because of the large number of people who use the company’s operating system around the world.
Investigators for Microsoft had Chinese nationals purchase 20 laptop and desktop computers from fake “PC malls” in various cities throughout China. All of the devices had counterfeit copies of Windows XP or Windows 7, according to Boscovich. Three computers also contained inactive malware, and a fourth had a live piece of malware, “Nitol.A”, which awoke when the computer connected to the internet.
The laptop was manufactured by Hedy, a large manufacturer in Guangzhou, China, and was purchased in Shenzhen. The other three computers, the ones with inactive malware, were purchased from “major manufacturers”, according to Microsoft, though those manufacturers’ identities were not revealed.
Microsoft believes that the computers became infected after the devices left the factory. In China, many computers ship with DOS and have the operating system installed later. According to Boscovich, “Somewhere in that retail or wholesale supply chain, something happens.”
Source: PC World – Microsoft finds new PCs in China preinstalled with malware