From the 20 PCs it bought, the corporation found out that 4 PCs came with malware already installed. The malware was every time a trojan horse (a virus program) that was meant to spy the new user. The trojan horse allowed remote access to the Windows PC. It also allowed the attacker to remotely activate a user’s webcam and microphone. Because new PCs don’t come with an antivirus installed it is very difficult for a normal PC user to realize he’s spied.
Microsoft concluded that the malware was installed by criminals that work in the PC production line and by the people that sold the PCs. The problem of infected PCs is not new. These PCs are often referred to as bots and the attacker can control all of them remotely. Botnets (a network of such PCs) are used to make various denial of service or exploit attacks. Each PC from the network is usually silently logging the user’s activity. The attacker can thus find sensitive login details or even details about a user’s bank account or credit card.