Several brand new computers purchased by Microsoft researchers in China were found to be infected with malware, the Washington-based computing giant has revealed.
Cybercriminals had infiltrated insecure supply chains and installed counterfeit versions of Microsoft Windows, embedded with malware, on the new PCs, Richard Domingues Boscovich, assistant general counsel for Microsoft’s Digital Crimes Unit, wrote in a blog post. The discovery prompted Microsoft to obtain a US court order allowing it to take down an emerging botnet called Nitol and disrupt more than 500 other strains of malware.
The malware was discovered as part of an investigation dubbed “Operation b70” into the security of supply chains, Microsoft said. As part of the investigation, researchers last August purchased 20 brand new laptop and desktop computers in various cities in China. After examining the machines, researchers found that 20 per cent were infected with malware that could spread through USB drives.
The most insidious of the infections was the Nitol virus, which can steal personal information and uses infected computers to carry out distributed denial of service (DDoS) attacks intended to flood websites with traffic and make them unreachable. Moreover, Nitol creates hidden access points on a victim’s computer, allowing additional malware to be loaded onto the infected machine at any time.
Researchers found that the Nitol botnet of infected computers was being controlled through the domain 3322.org, which has been linked to malicious activity since 2008. There, researchers also found hundreds of other malware strains.
“We found malware capable of remotely turning on an infected computer’s microphone and video camera, potentially giving a cybercriminal eyes and ears into a victim’s home or business,” Boscovich wrote. “Additionally, we found malware that records a person’s every key stroke, allowing cybercriminals to steal a victim’s personal information.”
The US District Court for the Eastern District of Virginia on 10 September granted Microsoft’s Digital Crimes Unit permission to take control of 3322.org, enabling the company to block operation of the Nitol botnet.
“This action will significantly reduce the impact of the menacing and disturbing threats associated with Nitol and the 3322.org domain, and will help rescue people’s computers from the control of this malware,” Boscovich wrote.