Microsoft finds pre-infected PCs, takes down botnet

  • Posted on: September 17, 2012
  • Posted in: Cybercrime
  • Posted by: Trend Micro

Microsoft security researchers have disrupted a botnet that exploited a supply chain security weakness to infect brand-new PCs with malware.

The malware, a botnet called Nitol, was embedded in counterfeit versions of Windows shipped on new computers. In a company study exploring the security of its suppliers, Microsoft researchers found malware on 20 percent of the computers bought from an insecure supply chain. Company spokesman Richard Boscovich noted the particularly troubling fact that the software could have entered the chain at any point, given the number of channels a computer travels through prior to production.

Microsoft affirmed its commitment to protecting consumers from counterfeit software, and it called on suppliers, resellers, distributors and retailers to do the same by enforcing stringent security policies. The action was part of the company’s customer and cloud service protection program, Project MARS (Microsoft Active Response for Security).

The Nitol botnet is designed to carry out distributed denial of service (DDoS) attacks and creates access points on an infected computer that enable additional malware to be loaded without detection.

Following the Nitol chain, Microsoft found the malware was being hosted on a domain with more than 500 different strains of malware spread across 70,000 sub-domains. Other malware on the site included code that could remotely turn on an infected computer’s microphone and video camera, allowing a criminal to spy on users, as well as keylogging malware that could harvest personal information.

The threatening domain, 3322.org, was transferred to Microsoft by a United States court order, allowing the company to block the Nitol botnet and other malicious subdomains, while still allowing the site’s legitimate subdomains to operate normally.
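The selective blocking the article describes, malicious subdomains of 3322.org cut off while legitimate ones keep resolving, is the same check a defender can run over their own resolver logs to spot machines that were talking to the botnet. The following script is an added illustration, not code from Microsoft, Trend Micro or the article: it takes the apex domain named above, matches DNS query log lines against it, skips an allow-list of subdomains an operator has confirmed as legitimate, and reports which internal clients queried the rest. The log line format, the allow-list entries (`www.3322.org`, `mail.3322.org`) and the sample log are all constructed for the example.

```python
"""Flag DNS queries to subdomains of a sinkholed apex domain.

Added example, not Microsoft's or Trend Micro's code. It models the
selective blocking described in the article: after 3322.org was moved
under Microsoft's control, malicious subdomains were blocked while
legitimate ones kept working. Log format, allow-list and sample log
lines are constructed for illustration.
"""
import re
from collections import Counter

# Apex domain named in the article. Everything below it is an assumption.
SINKHOLED_APEX = "3322.org"

# Hypothetical allow-list: subdomains an operator has verified as legitimate.
ALLOWED_SUBDOMAINS = {"www.3322.org", "mail.3322.org"}

# Constructed resolver log format: "<timestamp> <client-ip> query: <qname> <qtype>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query:\s+(?P<qname>\S+)\s+(?P<qtype>\S+)$"
)


def under_apex(qname: str, apex: str = SINKHOLED_APEX) -> bool:
    """True if qname is the apex itself or any subdomain of it.

    The check is label-aware: 'not3322.org' and '3322.org.example.com'
    must not match, only names that end with '.3322.org' (or equal it).
    """
    q = qname.rstrip(".").lower()
    a = apex.rstrip(".").lower()
    return q == a or q.endswith("." + a)


def classify(qname: str) -> str:
    """Return 'allow', 'block' or 'ignore' for one queried name."""
    q = qname.rstrip(".").lower()
    if not under_apex(q):
        return "ignore"          # unrelated domain, nothing to do
    return "allow" if q in ALLOWED_SUBDOMAINS else "block"


def scan_log(lines):
    """Parse log lines and collect queries that would be blocked.

    Returns (hits, per_client): hits is a list of (client, qname) tuples in
    log order; per_client counts blocked queries per client IP so the
    noisiest (most likely infected) hosts surface first.
    """
    hits = []
    per_client = Counter()
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue             # tolerate malformed lines instead of aborting
        client, qname = m["client"], m["qname"]
        if classify(qname) == "block":
            hits.append((client, qname.rstrip(".").lower()))
            per_client[client] += 1
    return hits, per_client


# Constructed sample log: two clients, one allowed name, one unrelated name,
# one look-alike that must not match, and one malformed line.
SAMPLE_LOG = [
    "2012-09-17T10:00:01Z 10.0.0.5 query: bot42.3322.org. A",
    "2012-09-17T10:00:02Z 10.0.0.5 query: www.3322.org. A",
    "2012-09-17T10:00:03Z 10.0.0.9 query: update.example.com. A",
    "2012-09-17T10:00:04Z 10.0.0.9 query: EVIL.3322.ORG. A",
    "2012-09-17T10:00:05Z 10.0.0.7 query: not3322.org. A",
    "this line is malformed",
]


if __name__ == "__main__":
    found, counts = scan_log(SAMPLE_LOG)
    for client, name in found:
        print(f"blocked-domain query: client={client} qname={name}")
    for client, n in counts.most_common():
        print(f"{client}: {n} blocked quer{'y' if n == 1 else 'ies'}")
```

Run against a real resolver log only after adjusting `LOG_LINE` to that resolver's format; the allow-list should be built from names you have actually verified, because the point of the court order was precisely that most of the apex domain's subdomains were benign.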

The domain’s owner, Peng Yong, told the Associated Press that he was unaware of Microsoft’s action and claimed innocence, citing the difficulty of fully monitoring the 2.85 million domain names his company manages.

Noting that this is the second botnet the company has disrupted in the last six months, Microsoft cautioned against the risks created by an insecure supply chain, where distributors or resellers contract with unknown or unauthorized sources, creating an endpoint security risk.

“Cybercriminals have made it clear that anyone with a computer could become an unwitting mule for malware; today’s action is a step toward preventing that,” Boscovich wrote.

Security News from SimplySecurity.com by Trend Micro
