The hardware is being sold in China and have infected millions of computers around the world. The software is engineered to spy on users and conduct denial-of-service attacks, Microsoft said.
Richard Domingues Boscovich, assistant general counsel for Microsoft's Digital Crimes Unit said that the cybercriminals "are out to get you," said. "They will do whatever it takes. If the supply chain is how they're going on get on [computers], that's what they're going to do."
Redmond has been carrying out an investigation dubbed "Operation b70." This resulted in the shutdown of the command-and-control system connected to computers infected with "Nitol," a piece of malicious software called a rootkit preinstalled on some of the examined computers. Nitol quickly spreads via removable drives.
Company investigators had Chinese nationals bought 20 laptop and desktop computers from so-called "PC malls" in various Chinese cities. All of the machines had counterfeit copies of Windows XP or Windows 7. Three computers contained inactive malware, but a fourth had a live piece of malware, "Nitol.A," that awoke when the computer connected to the Internet, he said.
In this case the laptops were manufactured by Hedy, a large manufacturer based in Guangzhou, China, and purchased in Shenzhen. The other three computers with inactive malware were from "major manufacturers" but Microsoft is not identifying the brands. It is thought that the computers were infected after the devices left the factory as the OS is installed later in the retail supply chain.