WASHINGTON — A customer in Shenzhen, China, took a new laptop out of its box and booted it up for the first time. But as the screen lit up, the computer began taking on a life of its own. The machine, triggered by a virus hidden in its hard drive, began searching across the Internet for another computer.
The laptop, supposedly in pristine, super-fast, direct-from-the-factory condition, had instantly become part of an illegal, global network capable of attacking websites, looting bank accounts and stealing personal data.
The shopper in this case was part of a team of Microsoft researchers in China investigating the sale of counterfeit software. They received a sudden introduction to malware called Nitol. The incident was revealed in court documents unsealed Thursday in a federal court in Virginia. The records describe a new front in a legal campaign against cybercrime being waged by the maker of the Windows operating system, which is the biggest target for viruses.
The documents are part of a computer-fraud lawsuit filed by Microsoft against a web domain registered to a Chinese businessman named Peng Yong. The company says the domain is a major hub for illicit Internet activity, home base for Nitol and more than 500 other types of malware, which makes it the largest single repository of infected software that Microsoft officials have encountered.
Peng, the owner of an Internet services firm, said he was not aware of the suit. He denied the allegations and said his company does not tolerate improper conduct on the domain, .
“They’re really changing the ways they try to attack you,” said Richard Boscovich, a former federal prosecutor and a senior attorney in Microsoft’s digital-crimes unit.
Distance doesn’t equal safety. Nitol, for example, is an aggressive virus found on computers in China, the United States, Russia, Australia and Germany. Microsoft has even identified servers in the Cayman Islands controlling Nitol-infected machines. All these compromised computers become part of a botnet, or collection of compromised computers.
Nitol appears poised to strike. Infection rates have peaked, according to Patrick Stratton, a senior manager in Microsoft’s digital crimes unit who filed a document in the court case explaining Nitol and its connection to the domain.
