Microsoft revealed this finding in a new whitepaper and attributes the high rate of infections of PCs to a shaky supply chain structure that does not prevent the presence of counterfeit products. To lower the cost of a new PC, potentially compromised products are sometimes knowingly accepted. It does not take much to see that this scenario is a goldmine for malware makers and allows the malware business to flourish.
In its whitepaper Microsoft said that in some instances malware strains were contacting a known malware hosting source, 3322.org, and added infected PCs to the Nitol DDoS botnet. There were "500 different strains of malware hosted on more than 70,000 subdomains," Microsoft said.
Following its discovery, Microsoft acquired control of the domain via a court order on September 10. In addition to Nitol, Microsoft said that it also found malware "capable of remotely turning on an infected computer’s microphone and video camera, potentially giving a cybercriminal eyes and ears into a victim’s home or business", as well as malware "that records a person’s every key stroke, allowing cybercriminals to steal a victim’s personal information."
Microsoft said that its recent actions will "reduce the impact of the menacing and disturbing threats associated with Nitol and the 3322.org domain". However, there is no effect on the overall infrastructure how malware finds its way into the supply chain. This case is clearly limited to China, but given the increasing concern about counterfeit products, it may be a smart move and common sense to run an anti-malware scan on your next new PC when you turn it on for the first time. Just in case.
