Microsoft has discovered a disturbing situation in China, when its digital crimes division purchased brand-new, factory-sealed computer systems. Microsoft has been investigating and prosecuting Chinese companies for installing and/or using illegal Microsoft software. What the investigators stumbled upon was something that was more dire than digital rights violations and could affect everyone who buys a new, factory-sealed personal computer.
Microsoft investigators discovered that the computers they had purchased were already infected with malware known as Nitol. During the course of their investigation, Microsoft investigators tracked the malware infestation to a Chinese factory, according to a recent lawsuit filed by the company. In addition to the malware infestation, Microsoft also discovered that these same systems did in fact contain illegal software that was not produced or authorized by Microsoft.
The malware infestation was tracked to other computer systems that had previously been sold in Russia, China, Australia, Germany, and the United States. The botnet was being controlled by servers located in the Cayman Islands and had been set up to steal users’ personal information including banking, credit card, and other data. People were finding that, after opening their factory-sealed computer systems, setting them up, and connecting to the Internet, the computers would immediately call home.
Microsoft found this revelation disturbing, but not totally surprising. Apparently, this is not the first time that the software giant has discovered this type of infestation with malware being installed on brand-new computer systems. Microsoft has stated that, without any instructions from the users, the computers were pre-programmed to automatically call home to a computer system that was unknown to the users. This criminal behavior is now being further investigated by Microsoft and a lawsuit has been filed against the perpetrators. The lawsuit has been filed here in the United States in a federal court in Virginia.
China has always been a country in which illegal and counterfeit software is sold openly in markets located in public view. I once read that a full version of Windows can be purchased on the streets of China for as little as $2.00. It is therefore not surprising that Microsoft needs a full-time investigation division located in China just to monitor these illegal activities. Now that the company has discovered malware being installed at the factory level, this type of investigation carries an even more important role in protecting all of us from this nasty type of bug.
In addition to stopping the malware installation in China, Microsoft is also pursuing having the servers in the Cayman Islands removed and permanently dismantled. What is disturbing to me is the thought of how many computer systems have already been sold to unsuspecting buyers and have already fallen victim to ID theft. In addition is the fact that it is unknown how many other servers from around the world are also stealing data from users without their knowledge.
One additional note of interest: During the course of its investigation, Microsoft also discovered that the malware was also able to turn on the video camera and microphones of the infected computers. This, in turn, provided the bad guys access to everything a user said and gave access to a bird’s eye view of where the user lived or worked.
Comments, as always, are welcome.
CC licensed Flickr photo above shared by David Erickson