Your PC may come with malware pre-installed

14.09.2012
It is rare to find a new PC that doesn't come with bells and whistles in addition to the operating system itself. The "bloatware" that PC vendors add often includes useful tools like third-party security software. It seems, though, that some PCs also come with something more insidious--pre-installed malware.

Microsoft researchers investigating counterfeit software in China were stunned to find that brand new systems being booted for the first time ever were already compromised with botnet malware right out of the box. Microsoft has filed a computer fraud suit against a Web domain registered to a Chinese businessman.

The suit alleges that the Nitol malware on the new PCs points the compromised systems to 3322.org. Microsoft believes the site is a major hub of malware and malicious online activity. Microsoft claims that the site in question hosts Nitol, as well as 500 other types of malware. A states that it's the largest single repository of malicious software ever encountered by Microsoft.

Most users--particularly most users of the Microsoft Windows operating systems--are aware of the many online threats. They've been conditioned to install antimalware and other security software, and update it frequently to ensure it can detect and block the latest, emerging threats. It's a problem, though, if the PC is already compromised with malware before the antimalware software is even installed or enabled.

Part of the concern lies in how the pre-installed malware works, or how deeply embedded it is. Most malware can still be identified and removed by security software after the fact. However, malware threats that are planted at the kernel level of the operating system, or in the PC BIOS, operate at a level that is too deep, and can avoid detection by most antimalware tools.

Malicious software is big business, and the criminals running the business are often quite clever and innovative when it comes to finding new ways to spread it. Planting malware in PCs, smartphones, or tablets before they're even purchased and unboxed is certainly one way to go about it.