It is rare to find a new PC that doesn't come with additional bells and whistles in addition to the operating system itself. The "bloatware" that PC vendors add on often includes useful tools like third-party security software. It seems, though, that some PCs also come with something more insidious: pre-installed malware.
Microsoft researchers investigating counterfeit software in China were stunned to find that brand new systems being booted for the first time ever were already compromised with botnet malware right out of the box. Microsoft has filed a computer fraud suit against a Web domain registered to a Chinese businessman.
[ Security expert Roger A. Grimes offers a guided tour of the latest threats and explains what you can do to stop them in "Fight Today's Malware," InfoWorld's Shop Talk video. | Keep up with key security issues with InfoWorld's Security Adviser blog and Security Central newsletter. ]
The suit alleges that the Nitol malware on the new PCs points the compromised systems to 3322.org. Microsoft claims that the site is a major hub of malware and malicious online activity and hosts Nitol, as well as 500 other types of malware. A Washington Post report states that it's the largest single repository of malicious software ever encountered by Microsoft.
Most users -- particularly most users of the Microsoft Windows operating systems -- are aware of the many online threats. They've been conditioned to install antimalware and other security software, and update it frequently to ensure it can detect and block the latest, emerging threats. It's a problem, though, if the PC is already compromised with malware before the antimalware software is even installed or enabled.
Part of the concern lies in how the pre-installed malware works, or how deeply embedded it is. Most malware can still be identified and removed by security software after the fact. However, malware threats that are planted at the kernel level of the operating system, or in the PC BIOS operate at a level that is too deep, and can avoid detection by most antimalware tools.
Malicious software is big business, and the criminals running the business are often quite clever and innovative when it comes to finding new ways to spread it. Planting malware in PCs, smartphones, or tablets before they're even purchased and unboxed is certainly one way to go about it.
What can you do then to defend against these threats? For starters, buy your PC, tablet, or smartphone hardware from established, respected vendors. If you buy an HP, Dell, Acer, Sony, or other such brand name PC the odds of it being compromised with pre-installed malware out of the box are pretty low. If you buy an Apple iPad, Google Nexus 7, or Amazon Kindle Fire you will most likely get a device free of malware infections. But, if you go bargain shopping online and buy a PC or knock-off tablet from a shady, unknown site the risk is higher.
Regardless, don't assume that just because your PC or mobile device is brand new that it must be safe and free from malware. And, you might not want to trust the pre-installed security software, either, since you can't verify that it's legitimate and free from malware itself. Make sure you install a reliable cross-device security tool to detect and identify malware that may already be present.
This story, "Your PC may come with malware pre-installed" was originally published by PCWorld.