In a previous blog I looked at the claims by Microsoft that brand new computers that it bought in China came infected with the Nitol botnet.
Microsoft said that this was down to ‘cyber criminals infiltrating unsecure supply chains to introduce counterfeit software embedded with malware for the purpose of secretly infecting people's computers’. It had successfully taken down the Nitol botnet that week after being granted a temporary restraining order against the owners of the 3322.org domain, which it said was hosting the malware.
However, after SC, other news sites and the industry speculated that the malware could have infected the computers at the factory, at the retailer from whom the customer received it, via the wholesalers or even the transport providers, it seems that we were wrong.
A report by the British Computer Society (BCS) said that malware was not being installed on computers on the production line, and was instead being introduced to the machines once they left the factory.
Citing Microsoft's Digital Crimes Unit, which said earlier reports of viruses being installed in the factory are untrue, Microsoft has said that the malware is unlikely to have been introduced to the machines in the factory and was probably added by a ‘distributor, transporter or reseller’.
My inbox often has suggestions for ideas or comments on ‘securing the supply chain’, and for this instance it seems like it is a thing to consider. If the machines were leaving the factory clean and arriving at the retailer infected, then there is a weak link somewhere in the chain.
How this is prevented could be straightforward in my view: surely once the computer reaches the end of the production line it should be shrink-wrapped and given a security seal. If it works for jars of jam, then why not for PCs?