Microsoft applies 'surgical sinkhole' to strangle botnet installed on new PCs

14.09.2012

But 3322.org has been fingered by security experts as a haven for malware websites, a so-called "bulletproof" hosting company, named that because it's supposedly impervious to takedown.

Zscaler, for instance, has claimed that 3322.org accounted for 17% of the world's malicious URL traffic, while Kaspersky Lab has said that 40% of all malware has, at one point or another, connected to the domain.

"This is one of the most prevalent call-home locations used by malware in the Nitol family," said Paul Ducklin of Sophos, referring to 3322.org.

Microsoft discovered the Nitol-new PC connection last year when Boscovich's team purchased 20 new desktop and laptop PCs in China, and found all 20 using counterfeit copies of Windows XP or Windows 7.

Four of the PCs had malware pre-installed, and while three of those machines' threats were inactive, the fourth immediately connected to a Nitol C&C server for instructions.