Microsoft battles botnet pre-installed on systems

A batch of factory-fresh PCs from China are bearing malware, and some infected models have made it into the U.S.

Imagine turning on a brand new, fresh-from-the-factory laptop and already having a virus on it before you even do anything. That's the scary situation Microsoft uncovered on several PCs in China, and now the tech giant is fighting the botnet responsible for the infections in court.

Microsoft digital crime investigators in China discovered the Nitol virus when looking into the sale of counterfeit software. The virus was preinstalled on 20 percent of the laptops and desktops tested, Microsoft states on its blog. Somewhere between the assembly line and the retail purchase, cybercriminals were able to introduce the malware.

The majority--85 percent--of Nitol infections have been detected in China, but nearly 10 percent have also been found in the U.S., Microsoft reveals.

Nitol-infected PCs immediately and automatically search the Internet for other computers to connect to and attack.

Microsoft's further investigation unearthed more than 500 other types of malware being hosted by this illegal network. The malware found was capable of keystroke logging, remotely turning on the video camera and microphone, launching denial of service attacks, and more.

The Microsoft Digital Crime Unit has been investigating the malware since last August. This week, a U.S. District court granted Microsoft permission to take over the domain and its 70,000 sub-domains, which the company says is the source of the infection and a major hub of illegal activity. Microsoft has filed a lawsuit against server owner Peng Yong.

Combating botnets by shutting down the domain providers is a strategy Microsoft has had great success with in the past. This is the second botnet disruption for the software giant in the last six months.

It's also the largest single repository of infected software the company has found to date. More than 37 million malware connections have been blocked from since Microsoft won the court order.

Follow Melanie Pinola (@melaniepinola) and Today@PCWorld on Twitter

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Melanie Pinola

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts