It was only a matter of time until malware was pre-installed on computers at the factory level. After all, USB drives loaded with malware have been a problem for some time, so you knew that sooner or later someone was going to bypass user interaction and just put the malware directly on the computer before it even reached its owner.
This is what Microsoft discovered recently while investigating in China for counterfeit versions of Windows software (Microsoft has filed a fraud lawsuit against a Chinese Web domain). According to PC World:https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=iThe suit alleges that the Nitol malware on the new PCs points the compromised systems to 3322.org. Microsoft believes the site is a major hub of malware and malicious online activity. Microsoft claims that site in question hosts Nitol, as well as 500 other types of malware. A Washington Post report states that it’s the largest single repository of malicious software ever encountered by Microsoft.
Exactly when and where in the supply chain the malware injection occurred is not easy to answer. David Harley’s excellent post on the topic at ESET Threat Blog pointed out that Microsoft hasn’t been specific about its suppliers. Even if it were, I think it would take a bit of investigation to find out at exactly what point the malware was added.
Microsoft checked a relatively small sample of computers — 20 — that were running bootleg versions of Window. Four of those were installed with Nitol. But how many computers were installed with the fake software and the real malware that went undetected by Microsoft?
The PC World article stated that if you purchase your computer from a respected computer company, chances are your PC is safe from the supply-chain trickery. I would like to think that’s true, but I’m a little skeptical. If the machines were built in China, can anyone guarantee the machines aren’t being tampered with?
If you can’t build your own computers, the next best thing is to avoid systems with pre-loaded software. And make sure the first thing you do install is a good security system.