Microsoft reveals PCs are being infected by cyber thieves before they reach consumers (clarification)

14 Sep 2012

Microsoft has revealed that cyber-criminals are infiltrating unsecure computer supply chains to introduce counterfeit software embedded with malware for the purpose of secretly infecting people’s computers.

Clarification – We initially reported today that Microsoft warned that cyber criminals were infecting PCs in factories before they were shipped to consumers. This is incorrect. Microsoft has pointed out that the malware is loaded after the products are shipped by the OEM to a distributor, transporter or reseller.

Richard Domingues Boscovich, assistant general counsel with Microsoft’s Digital Crimes Unit, said that, after being granted permission by the US District Court to disrupt more than 500 strains of malware that had the potential to target millions of innocent people, Microsoft managed to limit the spread of the Nitol botnet.

“A supply chain between a manufacturer and a consumer becomes unsecure when a distributor or reseller receives or sells products from unknown or unauthorised sources,” Boscovich said in the Microsoft blog.

“In Operation b70, we discovered that retailers were selling computers loaded with counterfeit versions of Windows software embedded with harmful malware. Malware allows criminals to steal a person’s personal information to access and abuse their online services, including email, social networking accounts and online bank accounts. Examples of this abuse include malware sending fake emails and social media posts to a victim’s family, friends and co-workers to scam them out of money, sell them dangerous counterfeit drugs, and infect their computers with malware.

“What’s especially disturbing is that the counterfeit software embedded with malware could have entered the chain at any point as a computer travels among companies that transport and resell the computer. So how can someone know if they’re buying from an unsecure supply chain? One sign is a deal that appears too good to be true. However, sometimes people just can’t tell, making the exploitation of a broken supply chain an especially dangerous vehicle for infecting people with malware.”

As Siliconrepublic.com has reported, Microsoft puts significant resources into catching counterfeiters and spends around US$200m a year on anti-counterfeiting activities.

“The discovery and successive action against the Nitol botnet stemmed from a Microsoft study looking into unsecure supply chains. The study confirmed that cyber-criminals preload malware-infected counterfeit software onto computers that are offered for sale to innocent people. In fact, 20pc of the PCs researchers bought from an unsecure supply chain were infected with malware. Making matters worse, the malware was capable of spreading like an infectious disease through devices like USB flash drives, potentially causing the victim’s family, friends and co-workers to become infected with malware when simply sharing computer files.”

Botnets can give cyber-criminals eyes and ears into your home or business

To make matters even worse, Microsoft discovered malware capable of remotely turning on an infected computer’s microphone and video camera, potentially giving cyber-criminals eyes and ears into a victim’s home or business.

The US District Court of East Virginia earlier this week granted Microsoft’s request for an ex parte temporary restraining order against Peng Yong, his company and other John Does. The order allows Microsoft to host the 3322.org domain, which hosted the Nitol botnet, through Microsoft’s newly created domain name system (DNS). This system enables Microsoft to block operation of the Nitol botnet and nearly 70,000 other malicious subdomains hosted on the 3322.org domain, while allowing all other traffic for the legitimate subdomains to operate without disruption.

“Cyber-criminals have made it clear that anyone with a computer could become an unwitting mule for malware; today’s action is a step toward preventing that. We will continue to work to protect people that use our products and services from these threats and the cyber-criminals behind them. In addition, consumers should also exercise their right to demand that resellers provide them with non-counterfeit products free of malware,” Boscovich said.

Microsoft has information and tools to analyse and clean your computer.


John Kennedy is a journalist who served as editor of Silicon Republic for 17 years
