Microsoft disrupts millions of botnet connections after discovering PCs with preloaded malware


Microsoft says it has discovered PCs being sold to consumers preloaded with counterfeit versions of Windows and malware, leading to their participation in illegal botnets.


Microsoft revealed this week that it has helped disrupt more than 500 different strains of malware in an attempt to slow the emerging threat of the Nitol botnet. In an operation codenamed b70, Microsoft discovered retailers in China selling computers with counterfeit versions of Windows loaded with malware. Because the supply chain was unsecured, the malware-laden versions of Windows could have been installed at any point as a computer passed through the various companies that transport and resell it.

In a study focusing on the Nitol botnet, Microsoft discovered that 20 percent of the PCs its researchers purchased from an unsecured supply chain in various cities in China were infected with malware. Microsoft is calling on suppliers, resellers, distributors, and retailers to safeguard consumers from purchasing machines loaded with malware. "They need to adopt and practice stringent policies that ensure that the computers and software they purchase and resell come from trustworthy sources," says Microsoft's Richard Domingues Boscovich.

Microsoft has previously disrupted the Kelihos (around 100,000 machines) and Zeus botnets (around 13 million infections) by working closely with US officials. For this week's Nitol botnet disruption, a court granted Microsoft's request to take over the domain name that hosted the Nitol botnet through a DNS redirect, allowing the company to block Nitol and other malicious subdomains hosted at the site and, in the process, over 37 million malware connections. "Cybercriminals have made it clear that anyone with a computer could become an unwitting mule for malware," says Boscovich. "Today's action is a step toward preventing that."