Some computers have been infected with malware on the PC production line, says Microsoft, which has won a US court's permission to disrupt this new tactic by cybercriminals.
A Microsoft study found several new computers carrying malware installed in the factory. The viruses were discovered when Microsoft digital crime investigators bought PCs, desktops and laptops from different cities in China.
Microsoft said the criminals behind the malicious program had exploited insecure supply chains to get viruses installed as PCs were being built.
One of the viruses, called Nitol, steals personal details to help criminals steal from online bank accounts.
A US court has now granted Microsoft's Digital Crimes Unit permission to disrupt more than 500 different strains of malware with the potential for targeting millions of innocent people, said Richard Domingues Boscovich, a Microsoft lawyer in
The court has given Microsoft permission to seize control of the web domain which it claims is involved with the Nitol infections. This will allow it to filter out legitimate data and block traffic stolen by the viruses.
"Codenamed 'Operation b70,' this legal action and technical disruption proceeded from a Microsoft study which found that cybercriminals infiltrate unsecure supply chains to introduce counterfeit software embedded with malware for the purpose of secretly infecting people's computers," Boscovich wrote.
"In disrupting these malware strains, we helped significantly limit the spread of the developing Nitol botnet, our second botnet disruption in the last six months."
A supply chain between a manufacturer and a consumer becomes unsecure when a distributor or reseller receives or sells products from unknown or unauthorised sources, he explained.
"In Operation b70, we discovered that retailers were selling computers loaded with counterfeit versions of Windows software embedded with harmful malware. Malware allows criminals to steal a person's personal information to access and abuse their online services, including e-mail, social networking accounts and online bank accounts."
"Examples of this abuse include malware sending fake e-mails and social media posts to a victim's family, friends and co-workers to scam them out of money, sell them dangerous counterfeit drugs, and infect their computers with malware," Boscovich wrote.
"What's especially disturbing is that the counterfeit software embedded with malware could have entered the chain at any point as a computer travels among companies that transport and resell the computer."
Microsoft found malware capable of remotely turning on an infected computer's microphone and video camera, potentially giving a cybercriminal eyes and ears into a victim's home or business, Boscovich wrote.
Cybercriminals have made it clear that anyone with a computer could become an unwitting mule for malware, and Microsoft's action is a step toward preventing that, he wrote.