Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

PC Supply Chains Embed Malware in New PC Equipment

FireEye : 17 September, 2012  (Technical Article)
FireEye comments on the supply of new PC equipment ready loaded with malware that runs a botnet and which was pre-installed within the supply chain
PC Supply Chains Embed Malware in New PC Equipment

Microsoft has discovered an emerging botnet that has been enabled by malware inserted in PC supply chains. The viruses were discovered when Microsoft digital crime investigators bought 20 PCs, ten desktops and ten laptops from different cities in China. It found that 20 percent of the hardware it bought was infected with malware – capable of spreading through USB flash drives – despite the fact that the PCs that were fresh from the factory.

One virus, dubbed Nitol, was capable of stealing personal details that could help criminals infiltrate online bank accounts. It carries out distributed denial of service (DDoS) attacks that are able to cripple large networks by overloading them with Internet traffic, and creates hidden access points on the victim's computer to allow even more malware - or anything else for that matter - to be loaded onto an infected computer.

Paul Davis, director of Europe at FireEye – a leader in stopping advanced targeted attacks – has made the following comments: “It seems that today’s ever-determined hackers have truly upped their game and taken cybercrime to the next astonishing level.  According to Microsoft, some of the malware was capable of remotely turning on an infected computer's microphone and video camera, posing a serious cyber espionage issue for consumers and businesses alike. If the exploitation of supply chain vulnerabilities should become an emerging trend, it should be taken very seriously indeed, as it the impact could be far-reaching, costly and destructive.

“When people buy a new PC, they often expect that machine to be secure out of the box. The fact that malware is being inserted at such an early stage in the product lifecycle turns this on its head and unfortunately means that no matter how discerning a user is online, their caution becomes irrelevant if that PC is already tainted. With so much effort placed on educating users about safety online, it is disturbing to think that we have now entered an age where your personal information could be exposed to hackers simply by purchasing a new computer from a supposedly trusted source and switching it on.

“As with other malware discoveries of late, this calls for an urgent shift in the way that security is purchased, thought about and managed.  With these constantly-shifting goalposts, static perimeter security and anti-virus packages simply aren’t strong enough for businesses today – especially if the computers are already infected at the point of sale, as evidenced here. As hardware travels through so many different suppliers during development, it can be difficult – if not impossible – to pinpoint the source of infection. In this scenario, the only real defence is a holistic, constant and proactive approach to IT security that will plug all security holes, monitor all network activity and stop any intrinsic malware from causing further damage.”

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo