Microsoft Finds PCs That Ship Pre-Infected
One more thing to worry about: Your brand-spanking-new computer could be infected with a virus that will raid your online bank account.
On Thursday, Microsoft said it had discovered several new computers, fresh from Chinese factory floors, that carried a particularly pernicious computer virus — one capable of invading bank accounts, starting computer attacks and creating back doors that allow criminals to have their way with infected machines.
Microsoft’s digital crime researchers purchased 20 new computers from different cities in China and discovered that four of them had been infected with viruses. In each case, the computers were running counterfeit versions of Windows software that were infected with the virus.
That virus, called Nitol, reported back to a command and control center hosted by the Web domain 3322.org, which is registered to Bei Te Kang Mu Software Technology. That domain, Microsoft’s researchers say, hosts 500 different strains of malware. Some are capable of switching on a victim’s microphone or Web camera. Others record victims’ keystrokes, giving cybercriminals access to their log-in credentials and online bank accounts.
Microsoft got permission from a United States court to take down the network of Nitol-infected computers. The takedown was part of a civil suit brought by Microsoft in its increasingly aggressive campaign — called Project MARS, for Microsoft Active Response for Security — to take the lead in combating digital crime, rather than waiting for law enforcement to act.
Using similar legal means, Microsoft took down four other botnets — or networks of infected computers — in the last few years. In each case, Microsoft obtained a court order that allowed it to seize Web domains and computers associated with the botnets without first notifying the owners of the property. The court gave Microsoft permission to seize the 3322.org domain on Monday.
“This action will significantly reduce the impact of the menacing and disturbing threats associated with Nitol and the 3322.org domain, and will help rescue people’s computers from the control of this malware,” Richard Boscovich, a senior lawyer in Microsoft’s digital crimes unit, said in a blog post.
Peng Yong, the owner of Bei Te Kang Mu Software Technology, told The Associated Press that he was not aware of his domain’s seizure by Microsoft and that his company had a “zero tolerance” policy toward illegal activity on the domain. But he added that with 2.85 million domain names, his company “cannot exclude that individual users might be using domain names for malicious purposes.”
Source: New York Times 9/13/2012