fb-pixelMicrosoft finds malware on new computers in China - The Boston Globe Skip to main content

Microsoft finds malware on new computers in China

WASHINGTON — A customer in Shenzhen, China, took a new laptop out of its box and booted it up for the first time. But as the screen lit up, the computer began taking on a life of its own. The machine, triggered by a virus hidden in its hard drive, began searching across the Internet for another computer.

The laptop, supposedly in pristine, super-fast, direct-from-the-factory condition, had instantly become part of an illegal global network capable of attacking websites, looting bank accounts, and stealing personal data.

For years, online investigators have warned consumers of the dangers of opening or downloading e-mail files from suspicious sources. Now, they say, malicious software and computer code may lurk on computers before the bubble wrap comes off.

Advertisement



The shopper in this case was part of a team of Microsoft researchers in China investigating the sale of counterfeit software. They received a sudden introduction to malware called Nitol. The incident was revealed in court papers unsealed Thursday in a federal court in Virginia. The records describe a new front in a legal campaign against cybercrime being waged by the maker of the Windows operating system, which is the biggest target for viruses.

The documents are part of a computer fraud lawsuit filed by Microsoft against a web domain registered to a Chinese businessman named Peng Yong. The company says the domain is a major hub for illicit Internet activity and home base for Nitol and more than 500 other types of malware, which makes it the largestrepository of infected software Microsoft officials have encountered.

Peng, the owner of an Internet services firm, said he was unaware of the Microsoft suit. He denied the allegations and said his company does not tolerate improper conduct on the domain, 3322.org. Three other unidentified individuals accused by Microsoft of establishing and operating the Nitol network are also named in the suit.

Advertisement



What emerges from the court records and interviews with Microsoft officials is a picture of how vulnerable Internet users have become, in part because of weaknesses in computer supply chains. To increase their profit margins, less reputable computer makers and retailers may use counterfeit copies of software products to build machines cheaply. Plugging the holes is nearly impossible, and that leaves openings for cybercriminals.

‘‘They’re really changing the ways they try to attack you,’’ said Richard Boscovich, a former federal prosecutor and a senior attorney in Microsoft’s digital crimes unit.

Distance does not equal safety. Nitol, for example, is an aggressive virus found on computers in China, the United States, Russia, Australia, and Germany. Microsoft has even identified servers in the Cayman Islands controlling Nitol-infected machines. These compromised computers become part of a botnet, or collection of compromised computers; it is one of the most invasive and persistent forms of cybercrime.

For Microsoft, pursuing cybercriminals is a smart business. Its Windows operating system runs most of the computers connected to the Internet. Victims of malware are likely to think their problems stem from Windows, and that hurts the brand.

But more than Microsoft’s image is at stake when counterfeit products are tainted by malware, Boscovich said. ‘‘It’s more than simply a traditional intellectual property issue. It’s now become a security issue.’’

US District Judge Gerald Bruce Lee, who is presiding in the case, granted a request from Microsoft to steer Internet traffic from 3322.org that has been infected by Nitol and other malwares to a special site called a sinkhole.

Advertisement



.