Microsoft admits millions of computers could be infected with malware before they're even out of the box
Hackers have uploaded viruses which can help them steal people's personal data on to millions of PCs and laptops before they are even taken out of the box, Microsoft has admitted.
The company said it found malware which allows would-be criminals to remotely switch on and control cameras and microphones, among other devices, on machines which were still factory sealed. The software is loaded with counterfeit copies of Microsoft Windows, the company said.
“Cybercriminals have made it clear that anyone with a computer could become an unwitting mule for malware,” wrote Microsoft's assistant general counsel for its Digital Crimes Unit, Richard Domingues Boscovich.
On the company's blog, he added: “Malware allows criminals to steal a person's personal information to access and abuse their online services, including e-mail, social networking accounts and online bank accounts. Examples of this abuse include malware sending fake e-mails and social media posts to a victim's family, friends and co-workers to scam them out of money, sell them dangerous counterfeit drugs, and infect their computers with malware.”
Boscovich said the counterfeit software could enter the supply chain “at any point” because a machine normally passes through the stock rooms of numerous companies between the Microsoft factory and the consumer's living room. Any of these could potentially - unwittingly or otherwise - load counterfeited software on to the computer.
He added: “So how can someone know if they're buying from an unsecure supply chain? One sign is a deal that appears too good to be true. However, sometimes people just can't tell, making the exploitation of a broken supply chain an especially dangerous vehicle for infecting people with malware.”
The company launched a two-pronged attack on the developing Nitol botnet - a method of controlling many computers using only one. Microsoft's plan of legal action and technical disruption, codenamed “Operation b70”, found that “20 per cent of the PCs researchers bought from an unsecure supply chain were infected with malware”.
Boscovich wrote: “Our research into Nitol uncovered that the botnet was being hosted on a domain linked to malicious activity since 2008. This study also revealed that in addition to hosting b70, 3322.org contained a staggering 500 different strains of malware hosted on more than 70,000 sub-domains.
“We found malware capable of remotely turning on an infected computer's microphone and video camera, potentially giving a cybercriminal eyes and ears into a victim's home or business. Additionally, we found malware that records a person's every key stroke, allowing cybercriminals to steal a victim's personal information.
“The Nitol botnet malware itself carries out distributed denial of service (DDoS) attacks that are able to cripple large networks by overloading them with Internet traffic, and creates hidden access points on the victim's computer to allow even more malware - or anything else for that matter - to be loaded on to an infected computer.”
In the post, he also wrote that the malware was capable of transmitting to other computers via USB flash drives, meaning it would spread fast through a family or work place. Microsoft has now been given permission by a US court to shut down the domain behind the scheme.
According to PC Advisor, Boscovich revealed that Microsoft bought computers from “PC malls” in various Chinese cities, all of which had counterfeit copies of Windows XP or Windows 7 installed. Of the twenty purchased, three had inactive malware and one had live malware, called “Nitol.A,” that awoke when the computer connected to the Internet.
The problem is not thought to affect Western physical supply chains but the malware could be transmitted if users download infected software.
Life & Style blogs
Babies cry at night to stop mothers procreating, scientists claim
Naked yoga: the bare truth - it's already big in the US, and has now landed here
Health warning over 88,000 foreign doctors working in the NHS
Childhood bullying 'can lead to depression and unemployment in adulthood'
Baby catches deadly meningitis infection from cat
The food poverty scandal that shames Britain: Nearly 1m people rely on handouts to eat – and benefit reforms may be to blame
US Navy christens huge $3 billion destroyer ship USS Zumwalt that appears as a fishing boat on enemy radar
Scottish independence: It is the English who should be on their knees, begging the Scots to vote ‘No’
Nigel Farage fatigue? Half of voters ‘immune’ to Ukip’s appeal
Nigel Farage on Have I Got News For You: Ukip leader ridiculed over expenses and party 'fruitcakes'
Nigel Farage: I’m taking on the status quo, and the Establishment’s fighting back
- 1 Are you turning into your dad? The top ten signs you've embraced dad-ism revealed as survey says 38 is age men turn into their father
- 2 Overheard in Waitrose: documenting the chatter in 'Britain's poshest supermarket'
- 3 Video of British Muslims dancing to Pharrell Williams's hit Happy attacked as 'sinful'
- 4 24 people applied for the 'world's toughest job', here are their interviews
- 5 Grace Dent on TV: Game of Thrones has jumped the shark
iJobs Gadgets & Tech
£150.00 per week: QA Apprenticeships: This company is a company that specializ...
£153.75 per week: QA Apprenticeships: This company is an innovative outsourcin...
£150.00 per week: QA Apprenticeships: We've been supplying best of breed peopl...
£150.00 per week: QA Apprenticeships: We provide business administration softw...