A study by Microsoft has found that cybercriminals are infecting PCs with malware before they even reach a shop, let alone a paying customer. That's right, the ne'er-do-wells have infiltrated the production line, the BBC reports.
Seriously, what chance do we have?
Apparently the criminals exploited insecure supply chains to install viruses while the PCs were still being built. That sounds like a fancy way of saying they sneaked into the factory, but a Microsoft spokesperson confirmed to me that "the malware is loaded after the product is shipped by the original equipment manufacturer to a distributor, transporter, or reseller".
Microsoft's sleuths discovered the viruses when they bought 10 desktops and 10 laptops in China. Four of the 20 PCs were infected with malware even though they were fresh off the shelves.
One of the viruses is called Nitol (isn't that a sleeping aid?) and pilfers personal details to let the bad guys access your online bank account. As soon as your Nitol-infected computer is switched on, it tries to contact the system set up to half-inch your details. Worse, in some cases the bad guys can actually see inside your home.
"We found malware capable of remotely turning on an infected computer's microphone and video camera, potentially giving a cybercriminal eyes and ears into a victim's home or business," said Richard Boscovich, a lawyer in Microsoft's digital crimes unit, in a blog post. Worrying.
Microsoft has been granted permission by a US court to seize control of the web domain 3322.org, which it claims is involved with Nitol. But Peng Yong, owner of the domain, claimed he knew nothing about Microsoft's actions.
"Our policy unequivocally opposes the use of any of our domain names for malicious purposes," he told a news agency. But he added because of the huge number of users, he couldn't rule out some illegal activity.
Honestly, you change your passwords, only download from legal sites, and take all other manner of actions to stay safe online, only to find your PC was infected from the get-go. What can you do?
Let me know your thoughts below or on Facebook.
Update 18 September: Clarified at which stage the malware was added.
Android App 
RSS Feeds 
iPhone App 
Newsletters 
Comments 7
Add your comment
Mark Anderson 16 September, 2012 12:20
If you're PC was infected from the get go? Err... run anti malware before doing anything?
Bit of a no brainer that one.
anonymous 16 September, 2012 14:26
The point is that you would not expect an out of the box machine to be infected. You would not know if your malware was effective because you would not know what you are dealing with. If you have a new machine and just are regular user you would think the camera and microphone coming on a simple design fault or your own error.
ViewRoyal 16 September, 2012 18:07
That's a major advancement for Windows users!
You no longer have to wait to unpack your new PC and plug-it in to get it infected with a Windows virus. It's all done for you now. ;-)
Mark Anderson 16 September, 2012 18:51
@anonymous
Good point.
@ViewRoyal
Of course you realise that it's just as easy to do this with Macs and Linux machines if you have physical access, right? It's just that no-one cares.
damien2501 17 September, 2012 08:52
Scary stuff. I always do a fresh install of windows when I get a new pc. It's normally full of crapware anyway
anonymous 16 October, 2012 13:06
Apple did it first in 2006 with infected ipods.
http://www.independent.co.uk/news/science/apple-admits-selling-ipods-infected-with-computer-virus-420719.html
anonymous 19 October, 2012 16:49
I didn't realize Microsoft started shipping on old Mac Books (picture above). If that's not a mistake, I'd be pissed too if my PC got infected and turned into a Mac.