Microsoft this week was granted permission to circumvent command and control servers for malware that was previously found pre-installed on new PCs in China.
Microsoft’s investigation into the PC supply chain, started in August last year, had researchers buy 10 PCs and 10 laptops from retail outlets in China. Four of the 20 machines were found to have malware installed, including Nitol, which makes infected machines part of a botnet.
Microsoft has, with the court’s permission granted this week, rerouted traffic from the infected machines to a researcher-controlled server instead of the malicious location (3322.org, a domain owned by a Chinese company). Doing so has blocked the Nitol botnet and some 70,000 subdomains, which host 565 varieties of malware, while still allowing infected machines to access normal web traffic without incident.
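The selective rerouting described above, as an added illustration that is not Microsoft's tooling or any real resolver's code: a sinkhole policy for a seized dynamic-DNS parent that answers known-malicious subdomains with a sinkhole address, lets every other name resolve normally, and records which clients hit the sinkhole so infected machines can be notified. The blocklist, addresses and query log below are constructed sample data, not values from the actual takedown.

```python
from collections import Counter
from typing import Dict, Iterable, Optional, Set, Tuple

SEIZED_PARENT = "3322.org"
SINKHOLE_IP = "192.0.2.1"  # TEST-NET placeholder for the researcher-controlled server
MALICIOUS_SUBDOMAINS = {"nitol-c2.3322.org", "dl-payload.3322.org"}  # constructed blocklist

def blocked_name(qname: str) -> Optional[str]:
    """Return the blocklisted name covering qname (itself or an ancestor under
    the seized parent), or None. Names are canonicalised first."""
    name = qname.rstrip(".").lower()
    if name != SEIZED_PARENT and not name.endswith("." + SEIZED_PARENT):
        return None  # outside the seized zone: not ours to answer
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in MALICIOUS_SUBDOMAINS:
            return candidate
    return None

def resolve_policy(qname: str, legit_record: Optional[str]) -> Tuple[str, Optional[str]]:
    """Answer as the controlled resolver: 'sinkhole' with the sinkhole address,
    'pass' with the record a legitimate user registered, or 'nxdomain'."""
    if blocked_name(qname) is not None:
        return "sinkhole", SINKHOLE_IP
    if legit_record is None:
        return "nxdomain", None
    return "pass", legit_record

def triage_queries(log_lines: Iterable[str]) -> Tuple[Dict[str, int], Set[str]]:
    """Apply the policy to 'client qname record|-' query lines; return per-decision
    counts plus the clients that asked for sinkholed names (likely infected)."""
    counts: Counter = Counter()
    infected: Set[str] = set()
    for line in log_lines:
        client, qname, record = line.split()
        decision, _ = resolve_policy(qname, None if record == "-" else record)
        counts[decision] += 1
        if decision == "sinkhole":
            infected.add(client)
    return dict(counts), infected

# Constructed sample: two bots (one with odd casing and a child label),
# one legitimate dynamic-DNS user, one name nobody registered.
SAMPLE_LOG = [
    "198.51.100.7 NITOL-C2.3322.org. -",
    "198.51.100.9 update.dl-payload.3322.org 203.0.113.5",
    "198.51.100.20 myhome.3322.org 203.0.113.44",
    "198.51.100.21 gone.3322.org -",
]
```

Running `triage_queries(SAMPLE_LOG)` sinkholes the two bot queries, passes the legitimate user's record through unchanged, and yields the two bot addresses as hosts to notify.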
Microsoft still needs to look at where the malware is being introduced onto systems. Microsoft’s Richard Boscovich, speaking to CNET, said “Apparently, what happens is the operating system is installed somewhere between the wholesaler and the retailer and it’s possible that somewhere in there malware was introduced.”