Microsoft finds malware already installed on PCs off production line
Several new computers were found to be preloaded with malware during production at facilities, according to a new study by Microsoft.
According to the study, the Nitol malware steals personal information to help criminals rob online bank accounts.
The Microsoft study also revealed that the malicious programme had taken advantage of insecure supply chains to allow malware to be installed during the development of PCs.
The company found the malware after its digital crime investigators purchased 20 PCs, made up of 10 desktops and 10 laptops, from different Chinese cities.
Microsoft revealed that it had found four of those PCs infected with malware on production lines.
The investigation also revealed that the botnet behind Nitol was being operated from a web domain which has been involved in cybercrime since 2008.
Microsoft’s digital crimes unit lawyer Richard Boscovich said: "We found malware capable of remotely turning on an infected computer’s microphone and video camera, potentially giving a cybercriminal eyes and ears into a victim’s home or business."
The company has obtained a US court order allowing it to deal with the network of hijacked computers infected with the Nitol virus, which involves the web domain 3322.org.
The Chinese owner of the 3322.org domain was quoted by AP as saying that he knew nothing about Microsoft’s legal action and said his company had a "zero tolerance" attitude towards illegal activity on the domain.
"Our policy unequivocally opposes the use of any of our domain names for malicious purposes," he said.
UPDATE: Microsoft has clarified some of the findings of this study and confirmed that the malware was not installed at factories. A full update is available here.