Microsoft discovers Chinese malware pre-installed on new PCs

Discussion in 'China' started by Daredevil, Oct 6, 2012.

  1. Daredevil

    Daredevil On Vacation! Administrator

    Joined:
    Apr 5, 2009
    Messages:
    11,613
    Likes Received:
    5,670
    Microsoft discovers Chinese malware pre-installed on new PCs

    Microsoft has published evidence of an extraordinary conspiracy in which potent botnet malware was apparently installed and hidden on PCs during their manufacture in China.

    In ‘Operation B70’ started in August 2011, Microsoft documents how its Digital Crimes Unit (DCU) bought 20 brand new laptops and desktop PCs from various cities in China, finding that four were infected with pre-installed backdoor malware, including one with a known rootkit called ‘Nitol’.

    Tracing Nitol’s activity back to an extensive network of global command and control (C&C) servers, the team discovered that the malware has infected PCs to build a larger bot, most probably used to launch DDoS attacks.

    Once in situ, Nitol would spread beyond the PCs on which it had been pre-installed by copying itself to USB and other removable drives.

    Disturbingly, other malware hosted on the main domain used as C&C by Nitol was capable of performing just about every nasty in the malware criminal’s armoury, including keylogging, controlling webcams, and changing search settings.

    This hints at the disturbing possibility that the pre-installed malware tactic is almost certainly much more significant than previously realised.

    That PCs are being pre-installed with malware during or soon after manufacture confirmed a long-held suspicion that had prompted Microsoft to investigate supply chain security, the firm said.

    “What’s especially disturbing is that the counterfeit software embedded with malware could have entered the chain at any point as a computer travels among companies that transport and resell the computer,” Microsoft said in a blog introducing its investigations.

    Anyone installing malware during manufacture – that is before any form of security is added – would have an important head start over security systems that might be installed on the PC at a later point. The only way around this would be for the customer to reinstall the operating system after purchase using a known secure image.

    As PC malware scandals go this is about as bad as it gets; Operation B70 offers an unpleasant glimpse of the state of PC security and asks questions of the security of the supply chain.

    Microsoft was earlier this week granted permission by a US court to take control of the C&C servers being used to direct the Nitol botnet.

    Microsoft’s DCU has acquired a reputation for unwinding botnets. In an earlier bot disruption assault called Operation B71, it disrupted servers being used to distribute the Zeus banking Trojan. In 2011, it played a critical role in knocking down the Rustock botnet.

    Third parties can already gain access to the company’s global honeypot for monitoring botnets through an API.
     
  3. Daredevil

    Daredevil On Vacation! Administrator

    Joined:
    Apr 5, 2009
    Messages:
    11,613
    Likes Received:
    5,670
    So, next time you buy a PC, make sure it's not 'made in china' otherwise your computer will be part of DDoS attacks around the world.
     
  4. spikey360

    spikey360 Crusader Senior Member

    Joined:
    Jan 19, 2011
    Messages:
    2,285
    Likes Received:
    2,116
    Location:
    The Republic of India
    China's designs depend so much on vulnerabilities of Micro$hit that it's obscene. I still don't get why people are so ignorant and addicted to this broken series of operating systems called Windows.
     
    peacecracker likes this.
  5. nimo_cn

    nimo_cn Senior Member Senior Member

    Joined:
    Aug 18, 2009
    Messages:
    3,491
    Likes Received:
    592
    [QUOTE=spikey360;592221]China's designs depend so much on vulnerabilities of Micro$hit that it's obscene. I still don't get why people are so ignorant and addicted to this broken series of operating systems called Windows.[/QUOTE]

    Microsoft is not just selling an operating system, but more like selling a habit. Most people don't have the momentum to change once they get used to something.

     
  6. spikey360

    spikey360 Crusader Senior Member

    Joined:
    Jan 19, 2011
    Messages:
    2,285
    Likes Received:
    2,116
    Location:
    The Republic of India
    ^^ Agree with that. The less people are comfortable to come out of their cozy nook, the more their vulnerability will be known and exploited.
     
  7. Armand2REP

    Armand2REP CHINI EXPERT Veteran Member

    Joined:
    Dec 17, 2009
    Messages:
    10,397
    Likes Received:
    2,314
    If Microsoft ever had a rival to its OS, there would be just as much malware for the competition as there would be for Windows.
     
  8. spikey360

    spikey360 Crusader Senior Member

    Joined:
    Jan 19, 2011
    Messages:
    2,285
    Likes Received:
    2,116
    Location:
    The Republic of India
    ^^ throw us some light on the massive number of malwares plaguing the Unix environment and its derivatives.
     
    peacecracker and W.G.Ewald like this.
  9. Armand2REP

    Armand2REP CHINI EXPERT Veteran Member

    Joined:
    Dec 17, 2009
    Messages:
    10,397
    Likes Received:
    2,314
    ^^ Unix doesn't have enough market-share to compete with Windows so no one would bother making malware for it.
     
  10. spikey360

    spikey360 Crusader Senior Member

    Joined:
    Jan 19, 2011
    Messages:
    2,285
    Likes Received:
    2,116
    Location:
    The Republic of India
    I'm assuming you are a Microsoft fan, though I could be wrong. If you did your homework, you'd know that the most important computer systems on earth run on Unix or Linux. Billions of dollars of business is done every day on machines running Linux. The number of supercomputers running Linux is light years more than whatever share Microsoft dreams to have. Linux servers have complete dominance in the web server arena. Even the Apple operating systems are based on Unix. Hell, I bet even this website is running on a Linux server. And you think that it is not a platform with sufficient *market share*. Most of the "market" flourishes due to the above mentioned platforms. Micro$hit finds its place in the desktop and other devices of gullible, intermediate and low skill level computer users. Basically your average Joes.

    Btw: your post had me convulsing in laughter.
     
    Last edited: Oct 7, 2012
    drkrn and peacecracker like this.
  11. Bangalorean

    Bangalorean Stars and Ambassadors Stars and Ambassadors

    Joined:
    Nov 28, 2010
    Messages:
    6,207
    Likes Received:
    6,497
    ^^ While the server space is dominated by *nix variants - Linux, Solaris, HP-UX, etc., what I have observed is that in most cases even the development that happens on those servers happens via Windows clients. People use PuTTY or some similar terminal login software to interact with the server, while simultaneously using Outlook, Word, Excel etc. on their desktops/laptops. This is the case in almost all IT companies which perform software implementations on Unix.
     
  12. spikey360

    spikey360 Crusader Senior Member

    Joined:
    Jan 19, 2011
    Messages:
    2,285
    Likes Received:
    2,116
    Location:
    The Republic of India
    ^^ that is most unfortunate. However, Indian companies are not well known for their innovation. Neither have they contributed anything substantial to the open source cause. They're more like dairy where they only milk the cattle. The real stuff happens in ice cream parlours outside.
     
  13. Daredevil

    Daredevil On Vacation! Administrator

    Joined:
    Apr 5, 2009
    Messages:
    11,613
    Likes Received:
    5,670
    Here the talk is about home PCs, which are dominated by Windows software (90% share) and also most vulnerable to malware and viruses. This is what those Chinese companies are exploiting. So just be careful while buying stuff from China.
     
  14. peacecracker

    peacecracker Regular Member

    Joined:
    Jun 16, 2009
    Messages:
    292
    Likes Received:
    40
    Location:
    India
    Sadly GNU/Linux is nowhere near Microsoft, heck, even Apple OS in popularity. The learning curve is perhaps too high for commoners.
     
  15. asianobserve

    asianobserve Elite Member Elite Member

    Joined:
    May 5, 2011
    Messages:
    7,308
    Likes Received:
    2,976

    [​IMG]
     
    parijataka and Armand2REP like this.
  16. Apollyon

    Apollyon Führer Senior Member

    Joined:
    Nov 13, 2011
    Messages:
    2,600
    Likes Received:
    2,380
    Location:
    आर्यावर्त
    Trying to insult those who are not tech savvy?
    Well, tell me, does Dassault offer SolidWorks for Linux/Unix?
    Or does Autodesk offer any of its products for Linux/Unix?
    Or does National Instruments offer LabVIEW and Multisim for Linux/Unix?
    Or does Adobe offer its most popular products like Photoshop and Illustrator for Linux/Unix?
    Answer is NO, they don't, and most people who use this software are not average Joes :D
     
  17. hit&run

    hit&run Elite Member Elite Member

    Joined:
    May 29, 2009
    Messages:
    5,498
    Likes Received:
    4,680
    And Indian companies like TATA and the Ministry run by Kapil Sibal were pretty confident about Huawei products for some unknown reasons. They even admitted that they cannot dig into their source code because we do not have labs for it. Height of stupidity by Indian policy makers.
     
  18. LurkerBaba

    LurkerBaba Staff Administrator

    Joined:
    Jul 2, 2010
    Messages:
    6,769
    Likes Received:
    3,678
    Location:
    India
    Autodesk Maya, the baap of 3D modelling software was originally made for Linux.

    Linux machines are used to make Beowulf Clusters for use in 3D render farms

    Photoshop and Illustrator run fine on Mac. btw Mac is the industry standard for video editing (Final Cut Pro)
     
  19. The Messiah

    The Messiah Bow Before Me! Elite Member

    Joined:
    Aug 25, 2010
    Messages:
    10,788
    Likes Received:
    4,552
    I buy individual parts, assemble it and install windows myself.
     
  20. W.G.Ewald

    W.G.Ewald Defence Professionals/ DFI member of 2 Defence Professionals

    Joined:
    Sep 28, 2011
    Messages:
    14,140
    Likes Received:
    8,529
    Location:
    North Carolina, USA
    2 out of 3 isn't bad.
     
  21. Apollyon

    Apollyon Führer Senior Member

    Joined:
    Nov 13, 2011
    Messages:
    2,600
    Likes Received:
    2,380
    Location:
    आर्यावर्त
    You know what this proves? Most of the engineers use Windows XP/Vista/7 :D
    If I suddenly start using a Linux/Unix (not talking of Apple OS here) based OS instead of Windows, I won't be able to use LabVIEW, Multisim, Adobe Illustrator, SolidWorks etc., and it would be completely useless for me.
    And yes, I know Mac is an industry standard for photo and video editing and preferred by graphic designers.
     
