Microsoft has moved to shut down a botnet infecting users with counterfeit versions of Windows.
The Nitol botnet was installed on computers by attackers during production, Microsoft said. The malware was introduced in counterfeit versions of Windows, which the crooks were able to sneak into the supply chain.
Nitol carried out distributed denial of service (DDoS) attacks on systems and attempts to create backdoor access points for further malware on crippled machines. The discovery was made during a covert Microsoft operation performed on Chinese computer manufacturers.
"Cyber criminals have made it clear that anyone with a computer could become an unwitting mule for malware; today's action is a step toward preventing that," said assistant general counsel for Microsoft Digital Crimes Unit Richard Domingues Boscovich in a blog post.
"We will continue to work to protect people that use our products and services from these threats and the cyber criminals behind them."
Boscovich and his team found out about the malware unintentionally. Microsoft investigators based in China were attempting to uncover unauthorised copies of Windows OS on Chinese manufactured computers when they discovered the pre-installed malware.
Microsoft was able to trace Nitol to a Chinese internet service provider known as Bitcomm. The Chinese company was hosting a site known as 3322.org, which provided support infrastructure for the malware.
3322.org hosted Nitol and at least 500 other pieces of malware. The set of malware was capable of recording keystrokes, stealing passwords, and secretly recording a user's physical movement.
"We found malware capable of remotely turning on an infected computer's microphone and video camera, potentially giving a cyber criminal eyes and ears into a victim's home or business," continued Boscovich.
Boscovich's team was able to obtain an ex parte restraining order against Bitcomm and 3322.org to stop the malware proliferation. An ex parte restraining order allows a judge to issue the order without both legal parties being present.
For his part, 3322.org domain owner Peng Yong says he opposes the use of malware run through his company. Yong says he's against the practice but can't promise it doesn't happen.