Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Microsoft discovers Chinese malware pre-installed on new PCs

Shock as Chinese supply chain compromised

Article comments

Microsoft has published evidence of an extraordinary conspiracy in which potent botnet malware was apparently installed and hidden on PCs during their manufacture in China.

In ‘Operation B70’ started in August 2011, Microsoft documents how its Digital Crimes Unit (DCU) bought 20 brand new laptops and desktop PCs from various cities in China, finding that four were infected with pre-installed backdoor malware, including one with a known rootkit called ‘Nitol’.

Tracing Nitol’s activity back to an extensive network of global command and control (C&C) servers, the team discovered that the malware that has infected PCs to build a larger bot, most probably used to launch DDoS attacks.

Once in situ, Nitol would spread beyond the PCs on which it had been pre-installed by copying itself to USB and other removable drives.

Disturbingly, other malware hosted on the main domain used as C&C by Nitol was capable of performing just about every nasty in the malware criminal’s armoury, including keylogging, controlling webcams, and changing search settings.  

This hints at the disturbing possibility that the pre-installed malware tactic is almost certainly much more significant than previously realised.

That PCs are being pre-installed with malware during or soon after manufacture confirmed a long-held suspicion that had prompted Microsoft to investigate supply chain security, the firm said.

“What’s especially disturbing is that the counterfeit software embedded with malware could have entered the chain at any point as a computer travels among companies that transport and resell the computer,” Microsoft said in a blog introducing its investigations.

Anyone installing malware during manufacture – that is before any form of security is added – would have an important head start over security systems that might be installed on the PC at a later point. The only way around this would be for the customer to reinstall the operating system after purchase using a known secure image.

As PC malware scandals go this is about as bad as it gets; Operation B70 offers an unpleasant glimpse of the state of PC security and asks questions of the security of the supply chain.

Microsoft was earlier this week granted permission by a US court to take control of the C&C servers being used to direct the Nitol botnet.

Microsoft’s DCU has acquired a reputation for unwinding botnets. An earlier bot disruption assault called Operation B71, it disrupted servers being used to distribute the Zeus banking Trojan. In 2011, it played a critical role in knocking down the Rustock botnet.

Third parties can already gain access to the company’s global honeypot for monitoring botnets through an API.



Share:

More from Techworld

More relevant IT news

Comments

Laserbait said: Oh yeah Im totally shocked This has only been the 200th time this stuff has been done PCs phones CDs USB key drives Chinese manufacturing is not our friend



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *