Microsoft is acting against the growing Nitol botnet, which it claims has been activated by malware sneaked in through PC suppliers.
Richard Boscovich, assistant general counsel in Microsoft’s Digital Crimes Unit, said the Nitol botnet originates and spreads from vulnerable supply chains into which cybercriminals inserted counterfeit software laced with malware.
The software giant said it is working to figure out how to cut off the malware strains involved and has had some success in disrupting the Nitol botnet that springs up through their distribution.
Cybercriminals introduce the software into PC supply chains and get malware-infested computers onto retailers’ shelves; consumers buy these units, which allows the Nitol botnet to deploy without the user’s knowledge.
He took advantage of the announcement to remind consumers of the value of purchasing hardware and software with proper certifications.
“What’s especially disturbing is that the counterfeit software embedded with malware could have entered the chain at any point as a computer travels among companies that transport and resell the computer,” he said.
“So how can someone know if they’re buying from an unsecure supply chain? One sign is a deal that appears too good to be true. However, sometimes people just can’t tell, making the exploitation of a broken supply chain an especially dangerous vehicle for infecting people with malware.”
Microsoft conducted an investigation that found some consumers buying hardware from what it called an unsecure PC supply chain.
The compromised retailer had 20 percent of its purchased hardware tainted with malware, including variants capable of spreading through USB flash drives.
In that scenario the infection can spread from one computer to another, across a home network or between colleagues in an office, with relative ease and at a faster rate.
“We found malware capable of remotely turning on an infected computer’s microphone and video camera, potentially giving a cybercriminal eyes and ears into a victim’s home or business,” he added.
“Additionally, we found malware that records a person’s every keystroke, allowing cybercriminals to steal a victim’s personal information. The Nitol botnet malware itself carries out distributed denial of service (DDoS) attacks that are able to cripple large networks by overloading them with Internet traffic, and creates hidden access points on the victim’s computer to allow even more malware – or anything else for that matter – to be loaded onto an infected computer.”
Microsoft has assumed control of the 3322.org domain, which hosted the Nitol botnet, and is blocking almost 70,000 other malicious subdomains, Boscovich added.
“This action will significantly reduce the impact of the menacing and disturbing threats associated with Nitol and the 3322.org domain, and will help rescue people’s computers from the control of this malware,” he said.
Source: Microsoft Technet
Image: Ben Lakey via Flickr (CC)