Chinese crooks pre-install malware on PCs

Criminals in China have been infiltrating PC supply chains and loading counterfeit software embedded with malware onto computers before they reach buyers, according to Microsoft.



Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The tech giant says that it has moved to disrupt the botnet, known as Nitol, which is made up of computers infected by the malware, after being given the go-ahead by a US court.

Researchers working for Microsoft bought PCs and laptops in China that came from an insecure supply chain and found that 20% were already infected with malware. Making matters worse, the malware could spread from one machine to another through removable media such as USB flash drives.

Microsoft's study found that the botnet was hosted on a domain linked to malicious activity since 2008, and that another 500 different strains of malware were hosted on more than 70,000 of its subdomains.

Some of the strains were capable of remotely turning on an infected computer's microphone and video camera, while others could record a person's every keystroke.

The Nitol botnet malware itself carries out DDoS attacks capable of crippling large networks by flooding them with Internet traffic, and it opens hidden backdoors on the victim's computer so that even more malware can be loaded onto the infected machine.

Armed with its evidence, Microsoft went to a US court, which granted its request for an ex parte temporary restraining order against Peng Yong, his company and unnamed others.

The order allows Microsoft to take over the 3322.org domain, which hosted the Nitol botnet, and serve it through a domain name system that Microsoft created for the purpose. Controlling the domain's DNS lets Microsoft block the botnet's operation and nearly 70,000 other malicious subdomains.
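Controlling a domain's DNS is what makes subdomain-level blocking possible: the resolver can decide per name whether to answer normally or sinkhole the query. The following is an added example of that decision logic applied to DNS query logs; it is not Microsoft's code and not part of the original article. The log format, the client addresses and the blocklisted subdomain names are all constructed for illustration (the real list of roughly 70,000 malicious subdomains is not on the page), and the "review" tier for other 3322.org names is an analyst-side design choice, not something the order describes.

```python
"""
Sinkhole-style triage of DNS query logs for subdomains of 3322.org.

Added example, not Microsoft's or Finextra's code. The log lines, client
addresses and blocklisted names below are constructed for illustration.
"""
import re
from collections import defaultdict

# The domain Microsoft took over under the court order (from the article).
SINKHOLE_DOMAIN = "3322.org"

# Constructed blocklist of subdomains: hypothetical names, not real indicators.
BLOCKED_SUBDOMAINS = {
    "bad1.3322.org",
    "update-srv.3322.org",
}

# Constructed log format: "<timestamp> <client_ip> query <qname> <qtype>"
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+query\s+(\S+)\s+(\S+)$")


def normalize(qname):
    """Lower-case a query name and drop the trailing root dot, so that
    'Update-Srv.3322.org.' and 'update-srv.3322.org' compare equal."""
    return qname.rstrip(".").lower()


def is_under(name, zone):
    """True if name equals zone or is a label-aligned subdomain of it.
    'evil3322.org' is NOT under '3322.org' because the dot is required."""
    return name == zone or name.endswith("." + zone)


def sinkhole_decision(qname):
    """Per-name policy a sinkhole resolver would apply:
    'block'  - name is blocklisted, or sits below a blocklisted name
    'review' - any other name under 3322.org (not blocked by default,
               since the order targets specific malicious subdomains)
    'pass'   - everything else"""
    name = normalize(qname)
    if any(is_under(name, blocked) for blocked in BLOCKED_SUBDOMAINS):
        return "block"
    if is_under(name, SINKHOLE_DOMAIN):
        return "review"
    return "pass"


def triage_log(lines):
    """Parse constructed DNS query log lines and group non-'pass' lookups
    by client, so an analyst can see which hosts resolved sinkholed names.
    Malformed lines are skipped rather than raising."""
    hits = defaultdict(lambda: {"block": [], "review": []})
    for line in lines:
        match = LOG_RE.match(line.strip())
        if not match:
            continue
        _timestamp, client, qname, _qtype = match.groups()
        decision = sinkhole_decision(qname)
        if decision != "pass":
            hits[client][decision].append(normalize(qname))
    return dict(hits)


# Constructed sample log lines (timestamps and addresses are invented).
SAMPLE_LOG = [
    "2012-09-13T10:00:01Z 10.0.0.5 query Update-Srv.3322.org. A",
    "2012-09-13T10:00:02Z 10.0.0.5 query www.example.com. A",
    "2012-09-13T10:00:03Z 10.0.0.9 query files.bad1.3322.org A",
    "2012-09-13T10:00:04Z 10.0.0.9 query other-host.3322.org AAAA",
    "2012-09-13T10:00:05Z 10.0.0.9 query evil3322.org A",
    "this line is malformed and should be skipped",
]


if __name__ == "__main__":
    for client, found in sorted(triage_log(SAMPLE_LOG).items()):
        print(f"{client}: blocked={found['block']} review={found['review']}")
```

The suffix check insists on a label boundary, so a look-alike such as `evil3322.org` is not matched, and a name beneath a blocklisted one (`files.bad1.3322.org`) inherits the block. Running the block prints one line per client that touched a sinkholed or reviewable name.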

Says Microsoft: "This action will significantly reduce the impact of the menacing and disturbing threats associated with Nitol and the 3322.org domain, and will help rescue people's computers from the control of this malware."


