Cyber criminals have again shocked the industry with the lengths to which they will go to ensure that they can infect PCs with malware after it was discovered products were coming out of the factory already infected.
Microsoft was alerted to the problem after a user bought a laptop that had come out of the factory at Shenzhen in China and on the first boot-up a virus that was lurking on the hard drive was triggered.
The laptop had been bought by a researcher working for the vendor who has been on the look out for counterfeit software.
One of the viruses discovered, Nitol, is used to steal personal details that can be used as part of attempts to get access to bank accounts.
Microsoft revealed the extent of the problem in a report that showed that when it bought 20 PCs, ten laptop and ten dekstops, from different cities in China four of them came with malware already on the hard drive.
The discovery that products are leaving the factory with malware already installed has caused concern in the security industry.
"When people buy a new PC, they often expect that machine to be secure out of the box. The fact that malware is being inserted at such an early stage in the product lifecycle turns this on its head and unfortunately means that no matter how discerning a user is online, their caution becomes irrelevant if that PC is already tainted," said Paul Davis, director of Europe at FireEye.
“As hardware travels through so many different suppliers during development, it can be difficult – if not impossible – to pinpoint the source of infection. In this scenario, the only real defence is a holistic, constant and proactive approach to IT security that will plug all security holes, monitor all network activity and stop any intrinsic malware from causing further damage," he added.