Microsoft has found malware on brand-new computers that its employees bought in several cities in China. In the process, the company's researchers came across a botnet called "Nitol". Under a court order, the software giant may now take technical measures to shut the botnet down.
The action, designated "Operation b70", began in August 2011, according to the company. Microsoft made the test purchases to verify allegations that malware and counterfeit software were being installed on computers in China before they reached the market. "We wanted a sample of what an average consumer in China is getting," Richard Boscovich, Assistant General Counsel of Microsoft's Digital Crimes Unit, told News.com. "We were surprised how quickly we found something that supported our suspicions."
On four of the 20 computers, the researchers discovered malware that is, among other things, able to spread via USB flash drives. One computer carried the Nitol trojan, which installs a backdoor and thereby enables the construction of a botnet and the sending of spam. Another had the backdoor "Trafog", which gives an attacker access via the File Transfer Protocol (FTP). The remaining two machines had the pests "Malat" and "EggDrop" installed. In a blog post, Microsoft describes the latter as a suspicious rather than necessarily malicious program.
Apart from Nitol, however, none of the malware was active, Microsoft said. Nitol connected to a command server in a domain belonging to the Chinese company 3322.org. According to Boscovich, that domain has been linked to suspicious activity since 2008.
This week, a U.S. federal court in Virginia granted Microsoft permission to use the so-called "sinkhole" technique, which makes infected computers communicate with Microsoft servers instead of the command server controlled by the hacker. Currently, nearly 70,000 subdomains are being used to distribute more than 565 different types of malware, Boscovich continued. Among them are programs that turn on microphones and cameras, record keystrokes and steal data.
Meanwhile, the Public Interest Registry (PIR), the registrar for all .org domains, has redirected the domain 3322.org, which hosts the Nitol botnet, to DNS servers operated by Microsoft. This allows the company to block Nitol's operation without disrupting legitimate subdomains.
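The DNS side of a sinkhole of this kind is easy to model. The following script is an added illustration written for this page, not code from Microsoft or from the takedown: once a registry points a seized zone at the defender's name servers, the defender answers queries for that zone, sending hostnames tied to the malware's command infrastructure to a sinkhole address while every other hostname keeps its real answer, and logging which clients asked for a sinkholed name (those clients are the ones most likely infected). The zone name (standing in for 3322.org), the subdomain labels and every address in the script are constructed placeholders from the RFC 5737 documentation ranges.

```python
"""Toy model of the DNS side of a botnet sinkhole (added example, not the takedown's own code).

Everything here is constructed: the zone name stands in for 3322.org, the
subdomain labels are invented, and all addresses come from documentation ranges.
"""
from __future__ import annotations
from dataclasses import dataclass, field

# Documentation address standing in for the defender's sinkhole server.
SINKHOLE_IP = "192.0.2.10"


@dataclass
class SinkholeZone:
    zone: str                        # apex now served by the defender's DNS
    legit: dict[str, str]            # relative label -> real address, left untouched
    blocked: set[str]                # relative labels used by the malware
    hits: list[tuple[str, str]] = field(default_factory=list)  # (client, qname)

    def _relative_label(self, qname: str) -> str | None:
        """Return the part of qname below the zone apex, or None if outside the zone."""
        qname = qname.rstrip(".").lower()
        if qname == self.zone:
            return ""
        suffix = "." + self.zone
        if qname.endswith(suffix):
            return qname[: -len(suffix)]
        return None

    def _is_blocked(self, label: str) -> bool:
        # A blocked label also covers anything beneath it (x.label).
        return any(label == b or label.endswith("." + b) for b in self.blocked)

    def resolve(self, qname: str, client: str) -> str | None:
        """Answer one A query. None means 'not our zone', i.e. forward it as usual."""
        label = self._relative_label(qname)
        if label is None:
            return None
        if self._is_blocked(label):
            # Sinkholed: record the client, answer with the defender's address.
            self.hits.append((client, qname.rstrip(".").lower()))
            return SINKHOLE_IP
        # Legitimate subdomains keep working; unknown ones get NXDOMAIN.
        return self.legit.get(label, "NXDOMAIN")

    def infected_clients(self) -> list[str]:
        """Distinct clients that asked for a sinkholed name."""
        return sorted({client for client, _ in self.hits})


def build_demo_zone() -> SinkholeZone:
    """Constructed sample zone: two real services, two labels tied to malware C2."""
    return SinkholeZone(
        zone="seized-zone.example",
        legit={"www": "198.51.100.20", "mail": "198.51.100.25"},
        blocked={"bot-c2", "update-srv"},
    )


if __name__ == "__main__":
    z = build_demo_zone()
    # Constructed query log: one clean client, one client beaconing to C2.
    queries = [
        ("www.seized-zone.example", "10.0.0.5"),
        ("bot-c2.seized-zone.example", "10.0.0.7"),
        ("img.update-srv.seized-zone.example", "10.0.0.7"),
        ("other.example", "10.0.0.5"),
    ]
    for qname, client in queries:
        print(f"{client:>10}  {qname:<40} -> {z.resolve(qname, client)}")
    print("likely infected:", z.infected_clients())
```

The two points the article makes both show up here: legitimate labels under the seized apex still get their real addresses, and every query that lands on the sinkhole doubles as a detection signal about which hosts are beaconing.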
On the problem of pre-installed malware in China, Boscovich said legislators must recognize the problems and guarantee the security of the supply chain in China. "Apparently, the operating system is installed somewhere between the wholesaler and the retailer, and it is possible that the malware is introduced somewhere in between."