Microsoft Corporation (NASDAQ:MSFT) announced that it has disrupted an emerging botnet named “Nitol”. On September 10th, a U.S. District court granted Microsoft’s Digital Crimes Unit a temporary restraining order which allowed it to take over the domain that hosted Nitol. This action followed a Digital Crimes Unit study (available in the announcement linked to above) which showed that many computers are coming to market preinstalled with Nitol and other malware.
Nitol is especially dangerous because a) a cybercriminal doesn’t have to trick a user into running an application for infection to occur, and b) it is designed to spread through removable media, like flash drives, and through mapped network shares. Nitol allows the attacker to do anything he/she wishes, including activating cameras and microphones to spy on users, running any software he/she chooses, and attacking other computers on the internet.
The study noted above was originally designed to look into insecure supply chains. Microsoft found that four out of twenty (20%) of the computers it purchased came with Nitol and/or other malware preinstalled. From there, Microsoft proceeded with an investigation into Nitol that led to the temporary injunction against the host domain. The domain taken over by Microsoft contained 500 different strains of malware hosted on more than 70,000 sub-domains.
Cybercriminals can introduce malware at any point along the supply chain from factory floor to retail shop, and unfortunately for consumers it’s often difficult to know whether or not a device they are buying came through a secure supply chain.
If you’re concerned that your computer may be infected with malware, Microsoft offers some tools and tips here.