‘Cyber criminals focus on computer production lines’

Cyber criminals are targeting poorly secured production lines in China to get their malware onto brand-new PCs, Microsoft states in an investigation into the Nitol botnet. The Nitol malware is said to have now been rendered harmless.

Microsoft researchers bought a total of twenty new computers in several Chinese cities: ten desktop models and ten laptops. Inspection of the machines showed that four of them were infected with various types of malware straight out of the box. The malicious software is said to have been installed on the computers at the factory. According to Microsoft, cyber criminals have in one way or another gained access to the production lines of the unnamed manufacturers, allowing the malware to be installed on brand-new systems.

In its research, which was carried out by the Operation b70 team, Microsoft focused on eliminating the Nitol malware. This malware steals sensitive login credentials and is controlled via a botnet. From infected computers, Nitol made contact with servers on the domain 3322.org.

Behind this domain, which is owned by a Chinese hosting company that offers free web space, up to 70,000 subdomains are said to be hidden. Approximately five hundred different types of malware are said to have been detected on these subdomains. The owner of 3322.org told the BBC that its users are strictly forbidden from spreading malware, but that with the 2.8 million subdomains it has, it cannot rule out abuse.

The software giant has now obtained a court order in the U.S. requiring the registrar Public Interest Registry to route all traffic for the domain name 3322.org to Microsoft servers. By its own account, Microsoft has set up a filtering system so that normal traffic is still routed to 3322.org while malware, including Nitol, is blocked.