Monday, September 17, 2012

Techworld: "Microsoft discovers Chinese malware pre-installed on new PCs"


What a surprise.

From Techworld.com, by John E. Dunn (9/14/2012):

Microsoft discovers Chinese malware pre-installed on new PCs: Shock as Chinese supply chain compromised

Microsoft has published evidence of an extraordinary conspiracy in which potent botnet malware was apparently installed and hidden on PCs during their manufacture in China.

In ‘Operation B70’ started in August 2011, Microsoft documents how its Digital Crimes Unit (DCU) bought 20 brand new laptops and desktop PCs from various cities in China, finding that four were infected with pre-installed backdoor malware, including one with a known rootkit called ‘Nitol’.

Tracing Nitol’s activity back to an extensive network of global command and control (C&C) servers, the team discovered that the malware that has infected PCs to build a larger bot, most probably used to launch DDoS attacks.

Once in situ, Nitol would spread beyond the PCs on which it had been pre-installed by copying itself to USB and other removable drives.

Disturbingly, other malware hosted on the main domain used as C&C by Nitol was capable of performing just about every nasty in the malware criminal’s armoury, including keylogging, controlling webcams, and changing search settings.

This hints at the disturbing possibility that the pre-installed malware tactic is almost certainly much more significant than previously realised.

That PCs are being pre-installed with malware during or soon after manufacture confirmed a long-held suspicion that had prompted Microsoft to investigate supply chain security, the firm said.

“What’s especially disturbing is that the counterfeit software embedded with malware could have entered the chain at any point as a computer travels among companies that transport and resell the computer,” Microsoft said in a blog introducing its investigations.

Anyone installing malware during manufacture – that is before any form of security is added – would have an important head start over security systems that might be installed on the PC at a later point. The only way around this would be for the customer to reinstall the operating system after purchase using a known secure image.

As PC malware scandals go this is about as bad as it gets; Operation B70 offers an unpleasant glimpse of the state of PC security and asks questions of the security of the supply chain.

(Full article at the link.)

14 comments:

Maju said...

"The only way around this would be for the customer to reinstall the operating system after purchase using a known secure image".

Meaning extra money for Windows (unless you quit it for some variant of Linux, tired of suffering the abuses of a global private monopoly).

Isn't a bit of a coincidence that this info is known precisely when China-Japan and US-Iran relations seem at the point of "almost war", meaning also a major degradation in US-china relations?

Anonymous said...

You know it would be a lot easier if you buy a computer and simply plug in your operating system purchased from a single authorised source.

I don't know how that would work but it would make things much easier.

Maju said...

But that's much more expensive, Anon. I once tried to buy Windows XP and I was asked the price of half a computer. If you get it with the computer they charge you just 10 euros (but no disk).

The final solution was eventually to go Linux. It has its own issues but it is 100% free and not at all worse the Windows (except in game availability to some extent). It has many options (that's "free market" and not Microsoft's monopoly), it is customizable if you're techie enough and has some decent security.

I'm not looking back to the blue screen of death, thanks.

Anonymous said...

People may pay a premium for plug and play,as you say people pay a premium to fiddle around with stuff no one has any time for.

Think of it like bicycle illumination,some use reflectors,others use dynamo,another may use a lamp with integral rechargeable batteries,another group may use disposable batteries whilst another may use a lamp with removable rechargeable batteries.

At present using the bicycle as an example you can buy your machine with reflectors or you can buy it as parts and add your own reflectors.

But there are no other options.

sipieter nicolas said...

format zindoz, install linux..

Anonymous said...

With a hardware O/S you could buy "hardened" versions to withstand EMP.

King of like Thermionic Valves in the old wireless radio systems.

Anonymous said...

First known case of compromised OEM stuff was a printer manufacturer who was unwittingly distributing infected software drivers. Apparently someone had forgotten to air-gap the machine which was controlling the burning of the driver CDs.

People do not take this stuff seriously, I have no trouble believing that the Chinese manufacturers were not complicit, just careless.

Anyway, when the PRC needs something compromised, they can backdoor the hardware, not the software.

prestashop template said...

nice

weight loss said...

very nice

Anonymous said...

Holy flying duck shit, the Chinese are at it again..!

Anonymous said...

I'm guessing the Chinese are being worked to death,and if so the work 'em 'till they drop philosophy of the Chinese model has certainly found favour among the CEO of ostensibly western nations.

Surrogacy Agency said...

nice pics

Anonymous said...

the company that was selling viagra has a leaflet attached that promises a free mobilephone loaded with "track-ware" for the .. uhm ... young girlfriend.

laptop battery said...

This is too bad.

Post a Comment