Over the years there have been reports of more and more new computers being pre-infected with malware before they even reach the end-user. This issue highlights the current lack of adequate supply chain security in portions of the computer industry. While the malware infections detailed in most reports seem to originate from component manufacturers overseas, there is no reason to think that this type of thing can’t happen domestically as well. We have seen evidence of Devices shipped from China loaded with malware.
Why would someone want to pre-infect a computer?
It’s really all about the money. Unscrupulous criminals participate in malware affiliate marketing programs where they are paid to infect as many computers as possible.
Some of these illegal affiliate programs pay participants as much as $250 for every 1000 computers that they can infect. Infecting a computer or component at the factory-level allows these criminals to achieve a huge number of infected computers in a short amount of time with limited effort since they don’t have to bypass traditional security safeguards.
New York Times: Microsoft Finds PCs That Ship Pre-Infected
In 2012, The New York Times reported that Microsoft had found some computers are shipping with viruses installed that could affect the security and privacy of the data you save on those machines:
On Thursday, Microsoft said it had discovered several new computers, fresh from Chinese factory floors, that carried a particularly pernicious computer virus one capable of invading bank accounts, starting computer attacks and creating back doors that allow criminals to have their way with infected machines.
Microsoft digital crime researchers purchased 20 new computers from different cities in China and discovered that four of them had been infected with viruses. […]
That virus, called Nitol, reported back to a command and control center hosted by the Web domain 3322.org, which is registered to Bei Te Kang Mu Software Technology. That domain, Microsoft researchers say, hosts 500 different strains of malware. Some are capable of switching on a victimmicrophone or Web camera. Others record victims keystrokes, giving cybercriminals access to their log-in credentials and online bank accounts.
Microsoft got permission from a United States court to take down the network of Nitol-infected computers. The takedown was part of a civil suit brought by Microsoft in its increasingly aggressive campaign called Project MARS, for Microsoft Active Response for Security to take the lead in combating digital crime, rather than waiting for law enforcement to act.
New York Times: Microsoft Finds PCs That Ship Pre-Infected
When You First Boot up Your New Computer, Don’t Connect It to a Network
Most modern malware will want to connect to a network so that it can communicate with its origin command and control software, especially if it’s part of a botnet collective. It may also connect to the network to download additional malware or malware updates or to send passwords or other personal information it has gathered from you. You should isolate your new computer until you can properly scan it to make sure it’s not pre-infected.
Use Another Computer to Download a Second Opinion Scanner and Install It
From another computer, download a scanner such as Malwarebytes or another malware-specific scanner and save it to a CD/DVD or a USB hard drive so you can install it on the new computer without using a network connection. The antivirus software on the new computer may have already been compromised or altered so that it is blind to the malware infection. It may report that there is no infection even though malware is present on the computer, this is why you need a second opinion scanner to make sure that there is no preloaded malware on your computer.
If possible, try and find a malware scanner that can scan your system prior to the startup of the operating system as some malware can hide on areas of the disk that can’t be accessed by the operating system. Additionally, all partitions of a device must be fully scanned or analysed manually using a suitable OS or similar.
If you find an out-of-the-box malware infection, you should return the system to the seller and have them alert the manufacturer of the computer that was infected so that they can investigate the issue.
If you still suspect that your new computer might be pre-infected with malware, consider removing the hard drive, placing it in an external USB drive enclosure, and connecting it to another computer that has current anti-virus and anti-malware software. As soon as you connect the drive from the new computer to the USB port of a host computer, scan the USB drive for viruses and other malware. Do not open any files on the USB hard drive while it is connected to the host computer, doing so could infect the host computer.
Once you have scanned the drive for viruses using a traditional virus scanner and used an anti-malware scanner, consider using a second-opinion malware scanner as well to ensure that no stone is left unturned. Even with all these scans, it’s possible that the computer’s firmware may be infected, but this is probably much less likely than having a more traditional malware infection that can be detected by malware scanners.
If all scans are ‘green’, move your hard drive back to the new computer and ensure that you maintain your anti-virus and anti-malware updates and run regularly scheduled scans of your system.
Suggest an edit to this article
Go to Cybersecurity Knowledge Base
Got to the Latest Cybersecurity News
Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for our Weekly Cybersecurity Newsletter Today.
Remember, CyberSecurity Starts With You!
- Globally, 30,000 websites are hacked daily.
- 64% of companies worldwide have experienced at least one form of a cyber attack.
- There were 20M breached records in March 2021.
- In 2020, ransomware cases grew by 150%.
- Email is responsible for around 94% of all malware.
- Every 39 seconds, there is a new attack somewhere on the web.
- An average of around 24,000 malicious mobile apps are blocked daily on the internet.
