Malware present on PCs before they even reach stores, says Microsoft

malware present on pcs before they even reach stores says microsoft

Here’s an unexpected new element in the perpetually ongoing struggle over whether you should buy a PC or a Mac: A newly-released report is claiming that malware is being installed on PC machines before they’re even released from the factories – and the source of that new report is theoretically someone who would know: Microsoft.

The claim comes after researchers working for the software giant investigated the sale of counterfeit software in China discovered malware pre-installed on four out of twenty machines tested, with pirated or fake versions of Windows present on every single one of the tested machines. Each of the twenty machines were brand new, and had been purchased for the purpose of testing, and as such hadn’t been used prior to testing.

According to the report, the most aggressive piece of malware found on any of the twenty machines was a software known as Nitol, which links machines to a botnet and has been found on systems as far afield as the US, Russia, China, Australia and Germany, with the malware apparently being controlled by servers in the Cayman Islands.

The investigation is believed to have started a little over a year ago, with Microsoft employees in China purchasing new PCs and laptops as part of a push to discover how widespread counterfeit Microsoft software was in the Chinese market. According to Microsoft’s Patrick Stratton, a manager in the company’s digital crimes unit and the author of the report revealing this information, the discovery of the machine pre-loaded with Nitol was most surprising – and most disturbing.

“As soon as we powered on this particular computer, of its own accord without any instruction from us, it began reaching out across the internet, attempting to contact a computer unfamiliar to us,” he wrote in the report, adding that as soon as a thumb drive was plugged into the machine, Nitol copied itself onto that drive and then, when that drive was attached to another machine, copied itself onto the new machine as well.

The reason behind this information coming to light is a new lawsuit filed by Microsoft against a Chinese businessman known as Peng Yong, who it believes to be the man behind a web domain used by the malware to co-ordinate activities. “In short,” the lawsuit reads, “3322.org is a major hub of illegal Internet activity, used by criminals every minute of every day to pump malware and instructions to the computers of innocent people worldwide.”

Peng, perhaps unsurprisingly, denies any wrongdoing on his part, although it’s worth noting that security firm Zscaler reported that 3322.org was responsible for more than 17 percent of malicious web transactions in the world during 2009. The lawsuit was unsealed by a federal court in Virginia yesterday.