It's unlikely that the malware was planted at the factory, said Boscovich, who said that some of the infected PCs were from brands recognizable to Westerners. He declined to name those manufacturers, however.

"In this particular region [China], most PCs come with the DOS operating system, and customers rely on the retailer to install a more modern operating system," said Boscovich. "Somewhere in the retail supply chain, a retailer puts on Windows."

That's the probable point in the chain where the infections occur.

"The porous nature of the supply chain puts people, consumers and their friends and family, at risk as criminals find new ways to compromise computers," Boscovich said.

Nitol is not a new threat -- it was first discovered in 2008 -- but with tens of thousands of variants this year alone, it's created what Sophos called a "veritable web of cyber criminality."