A study by software giant Microsoft has found that cybercriminals have infiltrated PC production lines to successfully infect computers with malware.
The study suggests that several new computers have been found carrying malware installed in the factory.
One such virus, called Nitol, steals personal details to help criminals plunder online bank accounts. In a report detailing its work to disrupt the Nitol botnet, Microsoft said the criminals behind the malicious program had exploited insecure supply chains to get viruses installed as PCs were being built.
The viruses were discovered when Microsoft digital crime investigators purchased 20 PCs – 10 desktops and 10 laptops – from different cities in China. Four of the computers were infected with malicious programs even though they were fresh from the factory. Microsoft found that the four viruses were included in counterfeit software some Chinese PC makers were installing on computers.
Nitol was the most pernicious of the viruses Microsoft caught because, as soon as the computer was turned on, it tried to contact the command and control system set up by Nitol's makers to steal data from infected machines.
Further investigation revealed that the botnet behind Nitol was being run from a web domain that had been involved in cybercrime since 2008. Also on that domain were 70,000 separate sub-domains used by 500 separate strains of malware to fool victims or steal data.
"We found malware capable of remotely turning on an infected computer's microphone and video camera, potentially giving a cybercriminal eyes and ears into a victim's home or business," said Richard Boscovich, a lawyer in Microsoft's digital crimes unit.
A US court has now given Microsoft permission to seize control of the web domain, 3322.org, which it claims is involved with the Nitol infections. This will allow it to filter out legitimate data and block traffic stolen by the viruses.
Peng Yong, the Chinese owner of the 3322.org domain, told the AP news agency that he knew nothing about Microsoft's legal action and said his company had a "zero tolerance" attitude towards illegal activity on the domain. "Our policy unequivocally opposes the use of any of our domain names for malicious purposes," Peng told Associated Press. However, he added the sheer number of users it had to police meant it could not be sure that all activity was legitimate.
"We currently have 2.85 million domain names and cannot exclude that individual users might be using domain names for malicious purposes," said Peng.
Get Safe Online Chief Executive Tony Neate commented: "Today's warning by Microsoft once again highlights the need for consumers to be aware of the different ways our devices can become infected with malware. Even when we are extra vigilant we can still get caught out, as attackers find new and innovative ways to plant malware on our machines." He added: "Our advice would be that if you're buying a new computer, make sure you're buying from a secure supply chain – if a deal appears too good to be true, it probably is. And then make sure you have up to date anti-malware software on your machine to give yourself the best chance of being protected. If you are worried go to getsafeonline.org for further advice."