Microsoft unveiled details of a forensic study on malware threats that examined name-brand PCs with pirated software installed, as well as counterfeit software DVDs, sourced from Indonesia, Malaysia, Philippines, Thailand and Vietnam. The study, which extends research originally conducted in December 2012, examined a total of 282 computers and DVDs—more than double the original sample—and found an average malware infection rate of 69%, an increase of six points over the preliminary study.

Findings from Microsoft’s Security Forensics team further revealed pirated copies of Windows embedded with malware spread across numerous well-known PC brands, including: Acer, Asus, Dell, HP, Lenovo, and Samsung. Microsoft believes that neither the counterfeit images nor the malware originated from—or were installed by—the individual PC manufacturers. Rather, the computers were likely shipped with non-Windows operating systems, which were later replaced by individuals in the downstream supply chain or retail channel who deal in the illegal duplication and distribution of pirated software.

“Many people assume that buying a name-brand PC is all that’s required to guarantee a good and safe computing experience. They don’t think twice about the software sold with the computer, and whether or not it’s pirated,” said Keshav Dhakad, Microsoft’s director of Intellectual Property for Asia Pacific and Japan.  “But consumers need to beware: while they might think there are great deals to be had by looking the other way, the hidden cost of pirated software is significant, and contrary to popular belief, can’t be remedied by simply running anti-virus software. If a consumer can’t verify that the computer they purchased was shipped with a pre-installed, genuine copy of Windows, their risk of exposure to viruses and spyware—and the potential for data corruption, theft, and financial loss—increases exponentially.”

According to Microsoft’s study, infection rates of pirated software varied significantly across Southeast Asia: the Philippines sample surfaced the lowest volume of malicious software; however at 42%, a full two out of every five computers and DVDs tested was infected. In Vietnam, malware was found on 66% of the pirated DVDs and a full 92% of hard drives tested.

In total, Microsoft’s testing revealed more than 1,131 unique strains of malware and virus infections in its Southeast Asia sample—including the highly dangerous “Zeus” trojan.

Zeus is a password-stealing trojan known to use “keylogging” and other mechanisms to monitor people’s online activity. Keyloggers record a user’s every keystroke in order to steal personal information, including account usernames and passwords. Criminals use this information to steal victims’ identities, withdraw money from their bank accounts, make online purchases using victim’s personal information and access other private accounts. According to the RSA 2012 Cybercrime Trends Report, the Zeus trojan alone is estimated to have caused more than US$1 billion in global losses in the last five years.

Philippine Computer Emergency Response Team (PHCERT) President Lito Averia said, “To keep information safe from cybercriminals, people need to think twice about where they buy PCs. As shown in this study, many unscrupulous retailers in Southeast Asia are selling big name PC brands to consumers with counterfeit, infected software. It’s important to remember that if you don’t know where your digital products come from, you never know what unwanted and dangerous nemeses come along for the ride.” PHCERT is a non-profit organization that aims to provide reliable and trusted point of contact for computers, Internet and other information technology related emergencies.

Atty. Ricardo Blancaflor, Director General of the Intellectual Property Office of the Philippines (IPOPHL), noted that “while the Philippines has the lowest rate of malicious software: at 42%, it doesn’t mean that we should put our guards down. Instead, we should continue to be vigilant against pirated software as it is not only discouraging local innovation but as the studies have shown, it is detrimental to office operations.”

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s