Microsoft announced that it has found malware to be pre-installed in computers in China, accounting for up to 20 percent of some computers sold.
Researchers for Microsoft in China have found forged versions of the Windows operating system, as well as a piece of malicious software known as Nitol, which sends information back to command-and-control nodes run by hackers. The malware is reported to be able to turn on the computer’s microphone and webcam, allowing hackers to see and hear in the vicinity of the computer. A similar attack was documented as part of Operation GhostNet, believed to be a state-sponsored espionage that used similar spying mechanisms on certain political targets such as Tibetans and government computers.
Worse, Nitol also turns the computer into part of a botnet, which can be used by hackers using the same servers to do malicious activity, such as unleash a DDOS (distributed denial of service) attack on hapless computers at the hackers’ will.
Lawsuit Filed to Stop Botnet Infection
Microsoft released this information as part of a federal lawsuit that it filed in the United States. The lawsuit targets a Chinese businessman named Peng Yong, who is alleged to be running web domains that are a hotbed of malware used in the attacks.
Court papers were unsealed on Thursday in a federal court in Virginia where the case is being filed, according to the Associated Press (AP).
In a private chat on Sina Weibo with AP, Peng is reported to have confirmed ownership of the domain, but defended himself saying his company has “2.85 million domain names” and could not exclude that certain domains were being used “for malicious purposes.” AP noted in the same article that “Russian security company Kaspersky Lab reported that 40% of all malware programs … connected to 3322.org.”
According to ThreatPost, The U.S. federal court gave Microsoft a restraining order against Peng Yong, his company Bei Te Kang Mu Software Technology, and three other unidentified people included in the lawsuit, and allowed Microsoft and U.S. authorities the go-ahead to block the Nitol malware and botnet. The report stated that 80 percent of the infected machines were in China, and 85 percent of the command-and-control nodes were operating in China.
Microsoft Digital Crimes Unit assistant general counsel Richard Domingues Boscovich wrote of the project in the report, “Our disruption of the Nitol botnet further demonstrates our resolve to take all necessary steps to protect our customers and discourage criminals from defrauding them into using malware infected counterfeit software.” The software giant had uncovered the malware and identified sources after a few months of investigation.