Microsoft has discovered malware on new computers bought by its employees in several cities in China as part of an investigation into the security of the supply chain. The discovery led researchers to a botnet called Nitol and to obtain permission to take the technical steps necessary to shut the botnet down.
Dubbed Operation b70, the work began in August 2011, when the company decided to check whether illegal software and malware were being installed on computers in China before they reached the shops. Several employees of the company went to different shops and bought ten notebooks and ten desktops.
Microsoft researchers found that four of the 20 computers were preloaded with malware, including one sample capable of spreading via USB sticks. One machine was infected with the Nitol virus, which installs a backdoor on the computer so that it can be used as part of a botnet to send spam and attack web sites. Another computer carried the Trafog malware, which allows an attacker to access the computer remotely via File Transfer Protocol (FTP). The third had Malat, an Internet Relay Chat (IRC) backdoor, and the fourth was infected with EggDrop, which is suspicious but not necessarily malicious.
While the other samples were not active, Nitol immediately tried to connect to its command and control servers, located in a domain owned by a Chinese company that has been linked to malicious activity since 2008.
This week Microsoft obtained permission from a federal court to use the ‘sinkhole’, or black hole, technique, which redirects infected computers so that they connect to servers controlled by the researchers rather than to the command and control servers of the almost 700 000 565 subdomains that host malware. Some of this malicious code is able to access the computer's camera and microphone, record keystrokes, or steal data from infected systems.