Most malware authors rely on exploiting human behavior, such as tricking people into clicking bogus links. Now it appears criminals in China find it simpler to put the malware on the computer before the customer even gets it.
Microsoft researchers recently bought a batch of new desktops and laptops from various Chinese cities as part of ongoing work to find sources of software piracy. They then discovered that four of the machines already had viruses.
Four different pieces of malware turned up on the machines, the most serious of which, called Nitol, attempted to add the computer to a botnet. The moment the researchers booted an infected machine for the first time, it began trying to contact its command and control server. It also tried to copy itself to a USB stick as soon as one was plugged into a port, giving it a way to spread to other machines.
The server was hosted at a domain known to have been used for criminal activity for at least four years: Microsoft said the domain was associated with around 500 different variants of malware.
Although the domain is owned in China, it is a .org domain, and because the .org registry is run from the US, the US court system claims authority over it. Microsoft successfully applied for a court order giving it control of the domain so that it can block malware-related traffic. The domain's owner says he has a zero-tolerance policy for illegal activity, but that with nearly three million sub-domains it is always possible for wrongdoers to slip through the net.
The question now is how the malware got onto what appeared to be brand new, boxed computers. It is theoretically possible that there is a security weakness in the supply chain and somebody is deliberately installing the malware on the computers before they leave the factory.
A much more likely answer is that shady manufacturers are using counterfeit software to cut costs, and that the people making the knock-off copies do not particularly care whether what they supply is clean.