Ingenious hackers have opened up a new frontline in their battle against software companies, audaciously infecting a number of computers with malware at a time and place when they should be at their most secure – on the factory production line.
The startling discovery comes from a new Microsoft study, which revealed that a number of PCs were found to be carrying malware that was believed to have been installed before they even left the factory.
Of these threats, one of the most worrying is a virus named Nitol, which Microsoft says can steal personal details that hackers can then use to plunder their victims’ bank accounts.
Microsoft recently released an extensive report detailing its battle to disrupt the Nitol botnet, which explained how the audacious hackers had exploited a vulnerability in manufacturers’ supply chains that enabled them to install viruses in computers before they had even been assembled.
According to the software giant, it discovered the viruses when investigators from the firm purchased ten laptops and ten PCs from different retailers in China. Four of these were found to be infected with malware.
Keen to learn how and where the computers had become infected, Microsoft launched a secret operation – known as Operation b70 – which led to the discovery of four different viruses found in counterfeit software that some Chinese PC manufacturers were illegally installing in their products.
Of the four viruses that Microsoft discovered, Nitol is said to be the most pernicious, as it was programmed to make contact with its command and control system as soon as users switched the machines on for the first time.
Microsoft’s investigations eventually led to the discovery that the botnet controlling Nitol originated from a domain known to have been associated with malware for at least four years. The domain, identified as 3322.org, contained no fewer than 70,000 sub-domains that were also infected with malware designed to steal personal data.
A lawyer for Microsoft’s digital crimes unit revealed in a blog post the full extent of the danger that Nitol malware posed:
“We found malware capable of remotely turning on an infected computer’s microphone and video camera, potentially giving a cybercriminal eyes and ears into a victim’s home or business.”
Following these alarming discoveries, a US court ruling allowed Microsoft to seize control of the suspect web domain. The software company said it now plans to block traffic stolen by the Nitol virus and filter out any legitimate data.