The malware, embedded in counterfeit versions of Microsoft's Windows OS, is engineered to spy on users and conduct denial-of-service attacks, Microsoft said. It warned that the findings pose fresh questions over the integrity of computer-part supply chains.

Cybercriminals "are out to get you," said Richard Domingues Boscovich, assistant general counsel for Microsoft's Digital Crimes Unit. "They will do whatever it takes. If the supply chain is how they're going on get on [computers], that's what they're going to do."

Microsoft's investigation, dubbed "Operation b70," culminated with the shutdown of the command-and-control system connected to computers infected with "Nitol," a piece of malicious software called a rootkit preinstalled on some of the examined computers. Nitol quickly spreads via removable drives.

The company had led an aggressive drive against counterfeit software and botnets to try to stop the source of cybercriminal activity, much of which is targeted at Windows users due to the high use worldwide of the company's operating system.

Company investigators had Chinese nationals purchase 20 laptop and desktop computers from so-called "PC malls" in various Chinese cities. All of the machines had counterfeit copies of Windows XP or Windows 7, Boscovich said. Three computers contained inactive malware, but a fourth had a live piece of malware, "Nitol.A," that awoke when the computer connected to the Internet, he said.