View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 19, 2012

UPDATED: Malware was not installed at factories, says Microsoft

Company’s Digital Crimes Unit clarifies study findings

By Steve Evans


Microsoft researchers have clarified earlier reports that suggested they had claimed malware was being installed on PCs during the production process.

Earlier this week Microsoft researchers claimed they had discovered insecurities in supply chain processes at PC manufacturing factories in China, which led to reports that claimed malware could be installed on a PC while it was being built in the factory.

Researchers have said the malware was most likely installed by a "distributor, transporter, or reseller," the company’s Digital Crimes Unit has now said in a statement.

A statement sent to CBR added: "In this particular case, Microsoft discovered that retailers were selling computers loaded with counterfeit versions of Windows software embedded with harmful malware. This means that the malware is loaded after the product is shipped by the original equipment manufacturer to a distributor, transporter, or reseller."

The company purchased 20 PCs and found malware already installed on four of them. Among the malware discovered was Nitol, which targets bank account details.

The discoveries resulted in Microsoft gaining authorisation to shut down a domain – 3322org – which it said was running hundreds of different varieties of malware.

"We found malware capable of remotely turning on an infected computer’s microphone and video camera, potentially giving a cybercriminal eyes and ears into a victim’s home or business," Microsoft said at the time.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

"Additionally, we found malware that records a person’s every key stroke, allowing cybercriminals to steal a victim’s personal information. The Nitol botnet malware itself carries out distributed denial of service (DDoS) attacks that are able to cripple large networks by overloading them with Internet traffic, and creates hidden access points on the victim’s computer to allow even more malware – or anything else for that matter – to be loaded onto an infected computer," Richard Boscovich, sssistant general counsel, Microsoft Digital Crimes Unit, added.

Update (25/09/2012): This article has been updated to include Microsoft’s clarifications about when and how the malware was installed on PCs.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU