That PCs are being pre-installed with malware during or soon after manufacture confirmed a long-held suspicion that had prompted Microsoft to investigate supply chain security, the firm said.

"What's especially disturbing is that the counterfeit software embedded with malware could have entered the chain at any point as a computer travels among companies that transport and resell the computer," Microsoft said in a blog introducing its investigations.

Anyone installing malware during manufacture - that is before any form of security is added - would have an important head start over security systems that might be installed on the PC at a later point. The only way around this would be for the customer to reinstall the operating system after purchase using a known secure image.

As PC malware scandals go this is about as bad as it gets; Operation B70 offers an unpleasant glimpse of the state of PC security and asks questions of the security of the supply chain.

Microsoft was earlier this week granted permission by a US court to take control of the C&C servers being used to direct the Nitol botnet.