Is Your Brand New Computer Pre-infected With Malware?

Learn what to do if you think you've got an out-of-the-box infection


There have been recent reports of more and more new computers being pre-infected with malware before they even reach store shelves. This issue highlights the current lack of adequate supply chain security in portions of the computer industry. While the malware infections detailed in most reports seem to originate from component manufacturers overseas, there is no reason to think that this type of thing can't happen domestically as well.

Why would someone want to pre-infect a computer? It's really all about the money. Unscrupulous criminals participate in malware affiliate marketing programs where they are paid to infect as many computers as possible.

Some of these illegal affiliate programs pay participants as much as $250 for every 1000 computers that they can infect. Infecting a computer or component at the factory level lets these criminals reach a huge number of computers in a short amount of time with limited effort, since they don't have to bypass traditional security safeguards.

How can you detect malware on your brand new computer?

1. When you first boot up your new computer, don't connect it to a network

Most modern malware will want to connect to a network so that it can communicate with its master command and control software, especially if it's part of a botnet collective. It may also connect to the network to download additional malware or malware updates or to send passwords or other personal information it has gathered from you.

You should isolate your new computer until you can properly scan it to make sure it's not pre-infected.
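One way to confirm the isolation described in step 1 before you start scanning. This is an added example, not part of the original article, and it assumes the new computer runs Windows 8 or later, where the built-in `Get-NetAdapter`, `Get-NetIPAddress` and `Get-NetTCPConnection` cmdlets are available:

```powershell
# Added example: check that a new PC is offline before scanning it.
# Assumption: Windows 8 or later with the built-in NetAdapter/NetTCPIP modules.

# 1. Network adapters whose link is currently up (a disconnected
#    Wi-Fi or unplugged Ethernet adapter does not report 'Up').
$upAdapters = @(Get-NetAdapter | Where-Object { $_.Status -eq 'Up' })

# 2. Addresses that are neither loopback nor self-assigned (169.254.x.x, fe80::).
#    An address of this kind means the machine has joined a network.
$routable = @(Get-NetIPAddress | Where-Object {
    $_.IPAddress -ne '127.0.0.1' -and $_.IPAddress -ne '::1' -and
    $_.IPAddress -notlike '169.254.*' -and $_.IPAddress -notlike 'fe80*'
})

# 3. Established TCP sessions to non-loopback peers, with the owning process,
#    so you can see which program is talking to the network.
$sessions = @(Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Process   = $(if ($proc) { $proc.ProcessName } else { 'unknown' })
            ProcessId = $_.OwningProcess
            Remote    = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
        }
    })

if ($upAdapters.Count -eq 0 -and $sessions.Count -eq 0) {
    Write-Output 'Isolated: no adapter is up and no TCP session is established.'
} else {
    Write-Output 'NOT isolated. Unplug Ethernet and turn off Wi-Fi, then run this again.'
    $upAdapters | Format-Table Name, InterfaceDescription, Status
    $routable   | Format-Table InterfaceAlias, IPAddress
    $sessions   | Format-Table Process, ProcessId, Remote
}
```

Run it from a PowerShell window on the new computer. Virtual adapters installed by the manufacturer can report `Up` without a real connection, so read the address and session tables before deciding.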

2. Use another computer to download a Second Opinion Scanner and install it on the new computer

From another computer, download a scanner such as Malwarebytes or another malware-specific scanner and save it to a CD/DVD or a USB hard drive so you can install it on the new computer without using a network connection.

The antivirus software on the new computer may have already been compromised or altered so that it is blind to the malware infection. It may report that there is no infection even though malware is present on the computer. This is why you need a second opinion scanner to make sure that there is no preloaded malware on your computer.

If possible, try to find a malware scanner that can scan your system before the operating system starts, as some malware can hide itself in areas of the disk that can't be accessed by the operating system.

If you find an out-of-the-box malware infection, you should return the system to the seller and have them alert the manufacturer of the computer that was infected so that they can investigate the issue.

If you still suspect that your new computer might be pre-infected with malware, consider removing the hard drive, placing it in an external USB drive enclosure, and connecting it to another computer that has current anti-virus and anti-malware software. As soon as you connect the drive from the new computer to the USB port of a host computer, scan the USB drive for viruses and other malware. Do not open any files on the USB hard drive while it is connected to the host computer, because doing so could infect the host computer.

Once you have scanned the drive for viruses using a traditional virus scanner and used an anti-malware scanner, consider using a second opinion malware scanner as well to ensure that no stone is left unturned. Even with all these scans, it's possible that the computer's firmware may be infected, but this is probably much less likely than having a more traditional malware infection that can be detected by malware scanners.

If all scans are 'green', move your hard drive back to the new computer and ensure that you maintain your anti-virus and anti-malware updates and run regularly scheduled scans of your system.
