Microsoft admits millions of computers could be infected with malware before they're even out of the box

 

Hackers have uploaded viruses which can help them steal people's personal data on to millions of PCs and laptops before they are even taken out of the box, Microsoft has admitted.

The company said it found malware which allows would-be criminals to remotely switch on and control cameras and microphones, among other devices, on machines which were still factory sealed. The malware is loaded on to the machines along with counterfeit copies of Microsoft Windows, the company said.

“Cybercriminals have made it clear that anyone with a computer could become an unwitting mule for malware,” wrote Microsoft's assistant general counsel for its Digital Crimes Unit, Richard Domingues Boscovich.

On the company's blog, he added: “Malware allows criminals to steal a person's personal information to access and abuse their online services, including e-mail, social networking accounts and online bank accounts. Examples of this abuse include malware sending fake e-mails and social media posts to a victim's family, friends and co-workers to scam them out of money, sell them dangerous counterfeit drugs, and infect their computers with malware.”

Boscovich said the counterfeit software could enter the supply chain “at any point” because a machine normally passes through the stock rooms of numerous companies between the Microsoft factory and the consumer's living room. Any of these could potentially - unwittingly or otherwise - load counterfeited software on to the computer.

He added: “So how can someone know if they're buying from an unsecure supply chain? One sign is a deal that appears too good to be true. However, sometimes people just can't tell, making the exploitation of a broken supply chain an especially dangerous vehicle for infecting people with malware.”

The company launched a two-pronged attack on the developing Nitol botnet - a network of infected computers that can all be controlled from a single machine. Microsoft's plan of legal action and technical disruption, codenamed “Operation b70”, found that “20 per cent of the PCs researchers bought from an unsecure supply chain were infected with malware”.

Boscovich wrote: “Our research into Nitol uncovered that the botnet was being hosted on a domain linked to malicious activity since 2008. This study also revealed that in addition to hosting b70, 3322.org contained a staggering 500 different strains of malware hosted on more than 70,000 sub-domains.

“We found malware capable of remotely turning on an infected computer's microphone and video camera, potentially giving a cybercriminal eyes and ears into a victim's home or business. Additionally, we found malware that records a person's every key stroke, allowing cybercriminals to steal a victim's personal information.

“The Nitol botnet malware itself carries out distributed denial of service (DDoS) attacks that are able to cripple large networks by overloading them with Internet traffic, and creates hidden access points on the victim's computer to allow even more malware - or anything else for that matter - to be loaded on to an infected computer.”

In the post, he also wrote that the malware was capable of transmitting itself to other computers via USB flash drives, meaning it would spread fast through a family or workplace. Microsoft has now been given permission by a US court to shut down the domain behind the scheme.

According to PC Advisor, Boscovich revealed that Microsoft bought computers from “PC malls” in various Chinese cities, all of which had counterfeit copies of Windows XP or Windows 7 installed. Of the twenty purchased, three had inactive malware and one had live malware, called “Nitol.A,” that awoke when the computer connected to the Internet.

The problem is not thought to affect Western physical supply chains but the malware could be transmitted if users download infected software.
