Microsoft researchers have clarified earlier reports that suggested they had claimed malware was being installed on PCs during the production process.
Earlier this week Microsoft researchers claimed they had discovered insecurities in supply chain processes at PC manufacturing factories in China, which led to reports that claimed malware could be installed on a PC while it was being built in the factory.
Researchers have said the malware was most likely installed by a "distributor, transporter, or reseller," the company’s Digital Crimes Unit has now said in a statement.
A statement sent to CBR added: "In this particular case, Microsoft discovered that retailers were selling computers loaded with counterfeit versions of Windows software embedded with harmful malware. This means that the malware is loaded after the product is shipped by the original equipment manufacturer to a distributor, transporter, or reseller."
The company purchased 20 PCs and found malware already installed on four of them. Among the malware discovered was Nitol, which targets bank account details.
The discoveries resulted in Microsoft gaining authorisation to shut down a domain – 3322org – which it said was running hundreds of different varieties of malware.
"We found malware capable of remotely turning on an infected computer’s microphone and video camera, potentially giving a cybercriminal eyes and ears into a victim’s home or business," Microsoft said at the time.
"Additionally, we found malware that records a person’s every key stroke, allowing cybercriminals to steal a victim’s personal information. The Nitol botnet malware itself carries out distributed denial of service (DDoS) attacks that are able to cripple large networks by overloading them with Internet traffic, and creates hidden access points on the victim’s computer to allow even more malware – or anything else for that matter – to be loaded onto an infected computer," Richard Boscovich, sssistant general counsel, Microsoft Digital Crimes Unit, added.
Update (25/09/2012): This article has been updated to include Microsoft’s clarifications about when and how the malware was installed on PCs.