Court Gives Microsoft License to Kill Botnet
Microsoft won court approval to pursue cybercriminals infiltrating its supply chain as part of an ongoing investigation into malware-infected computers.
The company’s Digital Crimes Unit bought computers from PC malls in China only to find brand-new laptop and desktop computers infected with preinstalled malware that may have spread to millions of PCs around the world.
Some of the devices contained counterfeit copies of Windows XP or Windows 7 with inactive malware. Another, though, was infected with the Nitol virus, which can open up a device to be used in a botnet attack.
They Are Watching
Further investigation, conducted under the codename “Operation b70,” found 500 strains of malware hosted on more than 70,000 sub-domains, according to a company blog post about the study. Microsoft warned the malware could turn on a camera to spy on victims or track users’ keystrokes to record personal information.
Microsoft’s investigation stemmed from concerns about insecure supply chains. Researchers found that twenty percent of the PCs they purchased from the infiltrated supply chains had malware that could be spread through removable media such as USB flash drives.
While supply chains may have been hit by cybercriminals in the past, it wasn’t always possible to track the attacks that far back, said Michael Murray, managing partner of MAD Security.
“There have been counterfeit versions of Windows for as long as Windows has existed,” he told TechNewsWorld. “And those counterfeit versions have often included some form of malware. It’s only now that malware is controlled in a centralized fashion that this type of operation can exist. In prior times, when the supply chain was infiltrated by malicious software, it would spread organically, without any way of tracking the infections back to the source.”