If you ever wanted proof that website security is a major issue, or that hacking and cyber-attacks are a serious global problem, then you need look no further than the statement issued by Microsoft recently. Microsoft, the world’s largest software producer, has admitted that hackers have uploaded viruses and malware, capable of helping them steal people’s personal data, onto millions of new PCs and laptops. After an investigation the company revealed that it had found malware in counterfeit copies of Microsoft Windows which would allow hackers to remotely switch on and control devices such as microphones and cameras on machines that were still factory-sealed.
Writing on the corporation’s blog, Richard Boscovich, Microsoft’s assistant general counsel for its Digital Crimes Unit, confirmed the discovery, adding: “cybercriminals have made it clear that anyone with a computer could become an unwitting mule for malware.”
Naturally the discovery is of real concern for the software giant. Boscovich explained later in the same blog:
“Malware allows criminals to steal a person’s personal information to access and abuse their online services, including e-mail, social networking accounts and online bank accounts. Examples of this abuse include malware sending fake e-mails and social media posts to a victim’s family, friends and co-workers to scam them out of money, sell them dangerous counterfeit drugs, and infect their computers with malware.”
Unfortunately Microsoft has not been able to pinpoint exactly where the malware entered the supply chain, because most machines normally pass through a number of stock rooms after leaving the Microsoft factory before ending up in offices or homes. The malware could well have been unwittingly downloaded onto the computers at any stage in the distribution process. So how can people tell if the computer they have purchased has passed through an insecure supply chain? Well, according to Boscovich, that’s the tricky part:
“One sign is a deal that appears too good to be true. However, sometimes people just can’t tell, making the exploitation of a broken supply chain an especially dangerous vehicle for infecting people with malware.”
So what has Microsoft done to deal with this malware threat? Well, the company has launched a two-pronged attack on the developing Nitol botnet. Microsoft’s plan of legal action and technical disruption, codenamed “Operation b70”, found that 20 percent of the PCs researchers bought from an insecure supply chain were infected with malware.
Boscovich wrote: “Our research into Nitol uncovered that the botnet was being hosted on a domain linked to malicious activity since 2008. This study also revealed that in addition to hosting b70, 3322.org contained a staggering 500 different strains of malware hosted on more than 70,000 sub-domains.
“We found malware capable of remotely turning on an infected computer’s microphone and video camera, potentially giving a cybercriminal eyes and ears into a victim’s home or business. Additionally, we found malware that records a person’s every key stroke, allowing cybercriminals to steal a victim’s personal information.
“The Nitol botnet malware itself carries out distributed denial of service (DDoS) attacks that are able to cripple large networks by overloading them with Internet traffic, and creates hidden access points on the victim’s computer to allow even more malware – or anything else for that matter – to be loaded on to an infected computer.”
Boscovich also explained that the malware was capable of spreading to other computers via USB flash drives, meaning it would spread quickly through a family or workplace. Microsoft has now been given permission by a US court to shut down the domain behind the scheme.
It has since been confirmed that Microsoft bought computers from “PC malls” in various Chinese cities, all of which had counterfeit copies of Windows XP or Windows 7 installed. Of the twenty PCs purchased, three had inactive malware and one had live malware, called “Nitol.A,” that awoke when the computer connected to the Internet. As yet the problem would appear not to have affected Western physical supply chains, but it has been pointed out that the malware could be transmitted if users downloaded infected software.
If your business needs assistance with security audits, penetration testing or web security solutions from Barracuda Networks, Check Point, Alien Vault and Netwrix, please contact Krypsys on 0845 474 3031 or [email protected].