Monday, September 17, 2012

Pre-installed Microsoft software may come with serious malware

From TechnWorld:

Microsoft discovers Chinese malware pre-installed on new PCs

Shock as Chinese supply chain compromised

By John E Dunn

Microsoft has published evidence of an extraordinary conspiracy in which potent botnet malware was apparently installed and hidden on PCs during their manufacture in China.

In ‘Operation B70’ started in August 2011, Microsoft documents how its Digital Crimes Unit (DCU) bought 20 brand new laptops and desktop PCs from various cities in China, finding that four were infected with pre-installed backdoor malware, including one with a known rootkit called ‘Nitol’.

Tracing Nitol’s activity back to an extensive network of global command and control (C&C) servers, the team discovered that the malware that has infected PCs to build a larger bot, most probably used to launch DDoS attacks.

Once in situ, Nitol would spread beyond the PCs on which it had been pre-installed by copying itself to USB and other removable drives.

Disturbingly, other malware hosted on the main domain used as C&C by Nitol was capable of performing just about every nasty in the malware criminal’s armoury, including keylogging, controlling webcams, and changing search settings.

This hints at the disturbing possibility that the pre-installed malware tactic is almost certainly much more significant than previously realised.

That PCs are being pre-installed with malware during or soon after manufacture confirmed a long-held suspicion that had prompted Microsoft to investigate supply chain security, the firm said.

“What’s especially disturbing is that the counterfeit software embedded with malware could have entered the chain at any point as a computer travels among companies that transport and resell the computer,” Microsoft said in a blog introducing its investigations.

Anyone installing malware during manufacture – that is before any form of security is added – would have an important head start over security systems that might be installed on the PC at a later point. The only way around this would be for the customer to reinstall the operating system after purchase using a known secure image.

As PC malware scandals go this is about as bad as it gets; Operation B70 offers an unpleasant glimpse of the state of PC security and asks questions of the security of the supply chain.

Microsoft was earlier this week granted permission by a US court to take control of the C&C servers being used to direct the Nitol botnet.

Microsoft’s DCU has acquired a reputation for unwinding botnets. An earlier bot disruption assault called Operation B71, it disrupted servers being used to distribute the Zeus banking Trojan. In 2011, it played a critical role in knocking down the Rustock botnet.

Third parties can already gain access to the company’s global honeypot for monitoring botnets through an API.

In other words: you buy a personal computer with pre-installed Windows OS, as most do, and there is a chance (how big?) that it comes with the most sophisticated of virus. As Microsoft does not provide you with a guaranteed disk with the OS to reinstall, you have to buy a brand new Windows OS, which is much much more expensive than the pre-installed version.

Blame the Chinese. 

Or you can, I guess, decide that it's about time to change to Linux, of which there are several versions which are very stable and usable by the non-expert (Ubuntu, Linux Mint, etc.) and you may even get better technical help, all for free... 

But up to you: keep paying for junk.

No comments:

Post a Comment

Please, be reasonably respectful when making comments. I do not tolerate in particular sexism, racism nor homophobia. The author reserves the right to delete any abusive comment.

Comment moderation before publishing is... ON