Monday, 17 September 2012

Malware on new PCs not installed at factory

Microsoft has reported that some new computers are infected with malware.

The mainstream and technical media have taken up this disturbing story and published nearly identical versions, complete with the same quotes.

Sadly, they often miss the main point of this incident.

What most stories on this subject claim: malware is pre-installed on new computers at the factory.

What Microsoft's document actually states: malware was found on a computer bought from a shop.

In the report's own words:

"Microsoft’s researchers purchased a Windows laptop computer from computer reseller in Shenzhen, China, which had been carelessly or intentionally infected with Nitol.A."

The Guardian's story uses the headline, "Malware being installed on computers in factories, warns Microsoft" and opens with, "Criminals are installing malware on PCs before they leave the factory, according to Microsoft."

The BBC's version of events claims that, "Malware inserted on PC production lines, says study" continuing with the same flawed statement, "Several new computers have been found carrying malware installed in the factory, suggests a Microsoft study."

The Daily Mail's over-long headline warns that, "Hacker warning as research finds malware installed on computers before they even leave the production line". The report then uses the now-familiar, albeit grammatically incorrect, opening gambit of, "Criminals are installed malware on PCs before they even leave the factory."

There are a vast number of cookie-cutter stories very similar to those above on the web.

Microsoft never made this claim, though. In fact its initial research was into the security of supply chains, rather than the internal security of factories. It is far more likely for a small business on the low-margin retail end of the line to engage in this sort of criminal activity than it is for a major manufacturer to compromise itself in this way.

Only one in 20 computers bought by Microsoft was infected.

In its report Microsoft claims to have found a copy of malware known as Nitol on just one of 20 computers that a researcher purchased. Three other PCs contained a few files that (unspecified) anti-virus software detected as being malware. This does not necessarily equate to an infection, though. In fact, as Microsoft notes, "The computer that contained the Nitol virus was the only one that was actively running."

Microsoft has published an article about its findings, which links to the document mentioned above, on its blog.

While this particular piece of research has been misrepresented, there have been verified cases of malware being installed at factories in the past:


18/03/2010 Energizer Trojan keeps going