Microsoft Details Fight Against Nitol Malware in China

Here's a scary story from the BBC describing the nefarious goings-on at some PC manufacturers where malware is being installed on PC's on the production lines. The startling news comes from a new report from Microsoft.

Microsoft's study claims that brand new computers have been found carrying malware installed in the factory, with the focus in this report being on the virus known as "Nitol." No doubt named after the sleepy time over-the-counter medicine, the virus steals personal details from computer users like online bank accounts that are then plundered by cyber criminal enterprises.

Microsoft won permission from a US court to tackle the network of hijacked PCs made from Nitol-infected computers and the report details its battle. The company said that the criminals behind the program had exploited supply chains with little or no security to get viruses installed in new PCs.

Microsoft's digital crime investigators collected 20 PCs, 10 desktops and 10 laptops from different cities in China. They found that a small percentage of those computers were infected with malware even though they were fresh from the factory. To fight the problem, the company set up "Operation b70." What they ultimately found out from their investigation is that the source of the malware was counterfeit software some Chinese PC makers had installed.

Microsoft calls Nitol the worst of the malware it found because it gets to work very quickly. Once a computer with this malware on it is turned on, it tries to contact the "command and control system set up by Nitol's makers to steal data from infected machines."

Upon further investigation, Microsoft found that the botnet behind Nitol was being run from a web domain that had been involved in various forms of cybercrime since 2008. The domain also had 70,000 separate sub-domains used by 500 different malware programs to do their dirty work.

A US court gave Microsoft permission to take control of the web domain,, which it claims is involved with the Nitol infections. The owner of that domain, Peng Yong (who resides in China), claims that he knew nothing about Microsoft's legal action and said his company has a "zero tolerance" attitude towards illegal activity on the domain.

Source: BBC


Tweet about this on TwitterShare on FacebookShare on Google+Share on RedditEmail this to someone