Recently, many PCs have been found with malware pre-installed. When Microsoft looked into the matter, it found that cyber criminals are installing malware on PCs before the machines leave production lines.
Microsoft digital crime investigators bought 20 brand new PCs – 10 desktops and 10 laptops – for testing, from different cities in China. After turning on the computers for the first time, they found that 4 systems had pre-installed malware. The malware pre-installed on those systems was Nitol. This virus is able to steal users’ personal details, including bank details, steal data from infected machines, and automatically send the information to cyber criminals. According to Microsoft, this virus had been pre-installed while the PCs were on production lines.
Cyber criminals run this malware through web domains that have been involved in cyber crime since 2008. One such domain has 70,000 separate sub-domains, which are used by 500 separate strains of malware to fool victims or steal data.
Richard Boscovich, a lawyer in Microsoft’s digital crimes unit, said via a blog post, “We found malware capable of remotely turning on an infected computer’s microphone and video camera, potentially giving a cybercriminal eyes and ears into a victim’s home or business.”
On the other side, Paul Davis, director of Europe at security company FireEye, said, “According to Microsoft, some of the malware was capable of remotely turning on an infected computer’s microphone and video camera, posing a serious cyber espionage issue for consumers and businesses alike. When people buy a new PC, they often expect that machine to be secure out of the box. The fact that malware is being inserted at such an early stage in the product lifecycle turns this on its head and unfortunately means that no matter how discerning a user is online, their caution becomes irrelevant if that PC is already tainted.”
However, on September 10, Microsoft got permission from the U.S. District Court for the Eastern District of Virginia to seize control of a web domain, 3322.org, because Microsoft believes that the site is a major hub of malware and malicious online activity.