Microsoft discovers Chinese malware pre-installed on new PCs

15.09.2012
Microsoft has published evidence of an extraordinary conspiracy in which potent botnet malware was apparently installed and hidden on PCs during their manufacture in China.

In 'Operation B70', started in August 2011, Microsoft's Digital Crimes Unit (DCU) bought 20 brand new laptops and desktop PCs in various cities in China and found that four were infected with pre-installed backdoor malware, including one carrying a known rootkit called 'Nitol'.

Tracing Nitol's activity back to an extensive network of global command and control (C&C) servers, the team discovered that the malware was infecting PCs to build a larger botnet, most probably used to launch DDoS attacks.

Once in situ, Nitol would spread beyond the PCs on which it had been pre-installed by copying itself to USB and other removable drives.

Disturbingly, other malware hosted on the main domain used as C&C by Nitol was capable of performing just about every nasty in the malware criminal's armoury, including keylogging, controlling webcams, and changing search settings.

This suggests that the pre-installed malware tactic is almost certainly much more significant than previously realised.