Microsoft discovers it! Chinese-made PCs carry viruses straight from the factory: China risk | 潜伏中なブログ



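Well, rumors of this kind have been pointed out for some time, but this time it seems Microsoft has proven it.
The source is in English, so anyone who is interested should check it.

The sudden death of the ambassador to China and the suspicious suicide of the financial services minister have come one after another, and I think the Japanese, complacent from peace and spineless, have become far too insensitive to conspiracies.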




September 16, 2012, 01:00


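Malicious software installed at the factory
US PC software giant Microsoft has found that Chinese-made PCs are having viruses and other malware preinstalled at the factory during manufacturing. Some of the malware steals online banking account details and similar information.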
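Malware present at shipment on 20 percent
Microsoft has been carrying out an investigation it named "Operation b70" to study malware in China.

As part of it, the company bought 10 desktop PCs and 10 laptop PCs in various cities in China and examined them; virus infections were found on 4 of them. The infections were confirmed across multiple Chinese manufacturers.
Video cameras remotely controlled too
What had been preinstalled at the factory included malware called Nitol. As soon as the PC is powered on, it connects to a control system and carries out various kinds of information gathering and leakage.

It is also said to have functions for remotely operating video cameras and microphones, a keylogger function that tracks the user's keyboard input, and functions for hiding cyber attacks.

Malware such as viruses has generally been thought to infect and intrude via the network. If it is preinstalled at shipment, firewalls and the like are meaningless.

It seems wise to be cautious about buying Chinese-made PCs and information devices.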

Microsoft Finds Nitol Botnet Malware Pre-Installed On PCs At Factories

Microsoft finds Nitol in brand new Chinese PCs and seizes domain to kill it off

Microsoft has discovered that several new computers in China have been carrying the Nitol botnet malware – and it was installed at the factory.

The malicious software allows cyber criminals to steal personal information such as bank account details and take control of personal computers. A US court has granted Microsoft permission to seize control of one Chinese domain which has been linked to cybercrime since 2008.

Chinese Malware

Investigators from a Microsoft group called “operation b70” bought ten desktops and ten laptops from different cities in China and found that four were infected by viruses, which had been installed by some Chinese PC manufacturers. Of particular concern is a botnet virus called Nitol which is used to steal from online bank accounts and carry out distributed denial of service (DDoS) attacks.

Nitol attempted to connect to its command and control system as soon as the PC was switched on and was eventually linked to the 3322.org domain. This domain had 70,000 different sub-domains used by 500 different types of malware.

Microsoft also found malware that was capable of remotely operating microphones or video cameras as well as keyloggers that track every key entered by a user, revealing sensitive information such as passwords.

An American court has now given Microsoft permission to seize control of the 3322.org domain where the botnet was hosted, and allow it to filter traffic. The domain’s owners have said that they have a “zero tolerance” policy towards illegal malware but with 2.85 million domains, this was difficult to enforce in practice. Last year, a Chinese mobile security firm was accused of bundling viruses with its anti-malware software.
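A defender's view of the behaviour described above, where a new PC contacts a name under 3322.org as soon as it is switched on. This is an added example, not part of the original article: the log format, the sub-domain labels, the client addresses and the five-minute window are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WATCHED_ZONES = {"3322.org"}        # parent zone named in the article
BOOT_WINDOW = timedelta(minutes=5)  # assumption: what counts as "just switched on"

# Constructed sample resolver log, time-ordered: "<ISO time> <client IP> <queried name>"
SAMPLE_LOG = """\
2012-09-14T09:00:02 10.0.0.21 time.windows.com
2012-09-14T09:00:05 10.0.0.21 a1.example.3322.org.
2012-09-14T09:00:40 10.0.0.21 B2.Example.3322.ORG
2012-09-14T09:01:10 10.0.0.34 www.not3322.org
2012-09-14T09:02:00 10.0.0.34 update.example.com
2012-09-14T11:30:00 10.0.0.34 c3.example.3322.org
"""

def in_watched_zone(name, zones=WATCHED_ZONES):
    """Match on DNS label boundaries so 'not3322.org' is not a hit."""
    labels = name.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in zones for i in range(len(labels)))

def early_beacons(log_text, window=BOOT_WINDOW):
    """Return {client: sorted watched names queried within `window` of that
    client's first logged query}. The first query stands in for power-on,
    so the log must be in time order."""
    first_seen, hits = {}, defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts_raw, client, name = parts
        try:
            ts = datetime.fromisoformat(ts_raw)
        except ValueError:
            continue  # skip lines with an unparseable timestamp
        first_seen.setdefault(client, ts)
        if in_watched_zone(name) and ts - first_seen[client] <= window:
            hits[client].add(name.rstrip(".").lower())
    return {c: sorted(n) for c, n in hits.items()}

if __name__ == "__main__":
    for client, names in early_beacons(SAMPLE_LOG).items():
        print(client, "queried watched names right after first activity:", names)
```

Run against the resolver log of a network where newly unboxed machines are first connected, a hit in the first minutes points at software that was on the disk before the user installed anything.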

Nitol

“Earlier this week, the US District Court for the Eastern District of Virginia granted Microsoft’s Digital Crimes Unit permission to disrupt more than 500 different strains of malware with the potential for targeting millions of innocent people,” said Richard Domingues Boscovich, assistant general counsel, Microsoft Digital Crimes Unit. “Codenamed ‘Operation b70,’ this legal action and technical disruption proceeded from a Microsoft study which found that cybercriminals infiltrate unsecure supply chains to introduce counterfeit software embedded with malware for the purpose of secretly infecting people’s computers.

In disrupting these malware strains, we helped significantly limit the spread of the developing Nitol botnet, our second botnet disruption in the last six months.”

Microsoft said that the most disturbing fact was that the counterfeit software could have entered the supply chain at any point and warned consumers that if a deal was too good to be true, it probably was.

The company released an update in June to address a certificate issue exploited in the Flame malware attacks, and another Microsoft investigation, operation b71, has been trying to take down the Zeus Botnet network.

“Microsoft is fully committed to protecting consumers by combating the distribution of counterfeit software and working closely with governments, law enforcement and other industry members in these efforts,” continued Domingues Boscovich. “Our disruption of the Nitol botnet further demonstrates our resolve to take all necessary steps to protect our customers and discourage criminals from defrauding them into using malware infected counterfeit software.”