Microsoft has discovered an emerging botnet that has been enabled by malware inserted in PC supply chains. The viruses were discovered when Microsoft digital crime investigators bought 20 PCs, ten desktops and ten laptops from different cities in China. It found that 20 percent of the hardware it bought was infected with malware – capable of spreading through USB flash drives – despite the fact that the PCs that were fresh from the factory.
One virus, dubbed Nitol, was capable of stealing personal details that could help criminals infiltrate online bank accounts. It carries out distributed denial of service (DDoS) attacks that are able to cripple large networks by overloading them with Internet traffic, and creates hidden access points on the victim's computer to allow even more malware - or anything else for that matter - to be loaded onto an infected computer.
Paul Davis, director of Europe at FireEye – a company whose solutions set out to stop advanced targeted attacks – commented: "It seems that today's ever-determined hackers have truly upped their game and taken cybercrime to the next astonishing level. According to Microsoft, some of the malware was capable of remotely turning on an infected computer's microphone and video camera, posing a serious cyber espionage issue for consumers and businesses alike. If the exploitation of supply chain vulnerabilities should become an emerging trend, it should be taken very seriously indeed, as it the impact could be far-reaching, costly and destructive.
"When people buy a new PC, they often expect that machine to be secure out of the box. The fact that malware is being inserted at such an early stage in the product lifecycle turns this on its head and unfortunately means that no matter how discerning a user is online, their caution becomes irrelevant if that PC is already tainted. With so much effort placed on educating users about safety online, it is disturbing to think that we have now entered an age where your personal information could be exposed to hackers simply by purchasing a new computer from a supposedly trusted source and switching it on.
"As with other malware discoveries of late, this calls for an urgent shift in the way that security is purchased, thought about and managed. With these constantly-shifting goalposts, static perimeter security and anti-virus packages simply aren't strong enough for businesses today – especially if the computers are already infected at the point of sale, as evidenced here. As hardware travels through so many different suppliers during development, it can be difficult – if not impossible – to pinpoint the source of infection. In this scenario, the only real defence is a holistic, constant and proactive approach to IT security that will plug all security holes, monitor all network activity and stop any intrinsic malware from causing further damage."