In August 2011 Microsoft started an investigation into fake copies of Windows coming out of China. For this investigation, Microsoft employees bought 20 brand-new PCs from various Chinese vendors and took them back to HQ to test for counterfeit copies of Windows. All twenty machines were found to have pirated versions of Windows installed. More importantly, however, four of the machines had malware on them. Yes, that is exactly what it sounds like: brand-new PCs with malware, out of the box.
Out of these four infected machines, three had dormant malware while one had an active botnet known as Nitol. Nitol is a known criminal botnet that affects computers around the world, stealing money and doing other things scumbags like to do. Not only is Nitol invasive — on the infected computer Microsoft employees bought, Nitol tried to access the Internet right from the get-go — but it is also very aggressive, copying itself to any external media plugged into the machine.
According to Microsoft, more and more users are susceptible to this type of pre-installed malware due to cost-cutting measures by small manufacturers. In order to compete with the likes of HP, Dell, Lenovo, etc., small computer manufacturers cut corners and install fake versions of Windows onto the computers they sell to customers. These fake Windows installs are not only more susceptible to malware attacks but, as you can see, some even come with bundled malware.
For the most part, people purchasing from global brands — like the just-mentioned HP, Dell, Lenovo, etc. — have nothing to worry about. Even computers coming out of Chinese factories for these global brands are (should be) relatively safe. You should worry if you have purchased, or are going to purchase, a computer from a relatively unknown manufacturer in a country with lax regulation over counterfeit software.
The computer infected with Nitol that Microsoft tested came from a local Chinese manufacturer named Hedy.
For its part, aside from just dealing with counterfeit Windows, Microsoft’s cyber crime division has filed a lawsuit against a Chinese businessman named Peng Yong. Yong is the owner of the domain 3322.org (do not go there), the website Microsoft has identified as not only the point of origin for Nitol but also a distributor of “more than 500 other types of malware”.
Yong denies any knowledge of or involvement in illicit activities, but various security firms have identified 3322.org as playing a big part in malware distribution, from 40% of all malware connecting to the website in 2008 (according to Kaspersky) to 17% of global “malicious web transactions” touching the website in 2009.
The judge presiding over the lawsuit has allowed Microsoft to start redirecting traffic away from 3322.org to inform users about their infected machines. Microsoft says it has so far blocked more than 37 million malware connections from 3322.org.
Regardless of how successful Microsoft is in tackling Nitol, 3322.org, and Peng Yong, the real issue at hand here is the pre-installed malware that is coming with brand-new Windows PCs. As already mentioned, if you purchase from global brands you should be safe from pre-installed malware. However, you never know, so if you are paranoid like me, always scan your new PC with a competent anti-virus before doing anything else.
This takes bloatware to a whole new level.