Microsoft battles botnet pre-installed on systems

A batch of factory-fresh PCs from China is carrying malware, and some infected models have made it into the U.S.

Imagine turning on a brand-new, fresh-from-the-factory laptop and finding it already infected before you have done anything at all. That is the situation Microsoft uncovered on several PCs in China, and the company is now fighting the botnet behind the infections in court.

Investigators from Microsoft's Digital Crimes Unit discovered the Nitol malware while looking into the sale of counterfeit software in China. Malware, Nitol among it, was found preinstalled on 20 percent of the laptops and desktops tested, Microsoft states on its blog. Somewhere between the assembly line and the retail purchase, criminals were able to slip the malware into the supply chain.

Most Nitol infections, 85 percent, have been detected in China, but nearly 10 percent have also been found in the U.S., Microsoft reveals.

As soon as a Nitol-infected PC goes online, it automatically reaches out across the Internet for other computers to connect to and attack.

Microsoft's further investigation unearthed more than 500 other strains of malware hosted on the same network. The malware found was capable of logging keystrokes, remotely switching on a machine's webcam and microphone, launching denial-of-service attacks, and more.

The Microsoft Digital Crimes Unit has been investigating the malware since August 2011. This week, the U.S. District Court for the Eastern District of Virginia granted Microsoft permission to take control of the 3322.org domain and its roughly 70,000 subdomains, which the company says are the source of the infection and a major hub of illegal activity. Microsoft has also filed a lawsuit against the domain's owner, Peng Yong.

Disrupting botnets by seizing the domains they depend on is a strategy Microsoft has used with considerable success in the past. This is the software giant's second botnet takedown in the last six months.

Microsoft also describes 3322.org as the largest single repository of malicious software it has found to date. More than 37 million malware connections to the domain have been blocked since Microsoft won the court order.
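A domain seizure like this one only helps an organization that knows which of its own machines were talking to the seized domain. The script below is an added example, not Microsoft's code or anything from the court filing: it scans DNS resolver query logs for lookups of 3322.org and its subdomains. The log format, the client addresses and the hostnames in the sample are all constructed for illustration; only the 3322.org zone itself comes from the article. The match is done on label boundaries, so look-alike names such as not3322.org or 3322.org.example.net are not flagged.

```python
"""Flag DNS queries for a seized zone (3322.org) and its subdomains.

Added example; not Microsoft's code. The "query:" log line format
below is an assumed BIND/dnsmasq-style format, and every line in
SAMPLE_LOG is constructed for illustration.
"""
import re
from collections import defaultdict

# The zone Microsoft took control of, per the article.
SEIZED_ZONE = "3322.org"

# Constructed sample resolver log (assumed format: timestamp, client, query, qname, qtype).
SAMPLE_LOG = """\
2012-09-13T10:01:02Z client 10.0.0.5 query: www.example.com A
2012-09-13T10:01:05Z client 10.0.0.7 query: update.abc123.3322.org A
2012-09-13T10:01:09Z client 10.0.0.7 query: 3322.org A
2012-09-13T10:02:11Z client 10.0.0.9 query: not3322.org A
2012-09-13T10:02:30Z client 10.0.0.5 query: cdn.3322.org.example.net A
2012-09-13T10:03:00Z client 10.0.0.12 query: Foo.3322.ORG. AAAA
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client (?P<client>\S+) query: (?P<qname>\S+) (?P<qtype>\S+)$"
)


def in_zone(qname, zone=SEIZED_ZONE):
    """True if qname is the zone apex or a proper subdomain of it.

    Case-insensitive and tolerant of a trailing dot. The comparison is
    made on a label boundary (".3322.org"), so 'not3322.org' and
    '3322.org.example.net' are correctly rejected.
    """
    name = qname.rstrip(".").lower()
    zone = zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def find_zone_queries(log_text, zone=SEIZED_ZONE):
    """Return {client_ip: [normalized qnames]} for every query into the zone."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and in_zone(rec["qname"], zone):
            hits[rec["client"]].append(rec["qname"].rstrip(".").lower())
    return dict(hits)


if __name__ == "__main__":
    for client, names in sorted(find_zone_queries(SAMPLE_LOG).items()):
        print(f"{client}: {', '.join(names)}")
```

A hit is a lead, not proof of a Nitol infection: 3322.org carried tens of thousands of subdomains, and a query could just as easily come from a user of a legitimate dynamic DNS name as from a bot checking in. Treat flagged hosts as candidates for a closer look at what process issued the lookup.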

Follow Melanie Pinola (@melaniepinola) and Today@PCWorld on Twitter
