https://www.pcworld.com/article/262325/your_pc_may_come_with_malware_pre_installed.html
Microsoft researchers investigating counterfeit software in China were stunned to find that brand new systems being booted for the first time ever were already compromised with botnet malware right out of the box.
Microsoft zaps botnet found pre-installed with counterfeit Windows
Nitol's command & control—plus 70,000 other malware sites—were run on seized domain.
"Pre-loaded" PC malware leads to domain takeover
A US District Court has given Microsoft permission to take down the command and control servers and domains of over 500 strains of malware. The Eastern District of Virginia was asked by Microsoft's Digital Crimes Unit to allow them to disable these domains as part of "Operation b70", which has its roots in a study carried out by Microsoft in China.
Microsoft applies 'surgical sinkhole' to strangle botnet installed on new PCs
Uncovers out-of-the-box Chinese machines infected with 'Nitol,' uses new DNS sinkhole strategy to kill botnet's comm links
It's also blocking access to approximately 70,000 malware-plagued subdomains of 3322.org, a Chinese web hosting firm.
"Microsoft has told us that this is literally the biggest botnet it's dealt with,"
But 3322.org has been fingered by security experts as a haven for malware websites, a so-called "bulletproof" hosting company, named that because it's supposedly impervious to takedown.