
Nitol

Posted: September 14, 2012

Threat Metric

Threat Level: 2/10
Infected PCs: 347
First Seen: September 13, 2012
Last Seen: May 14, 2023
OS(es) Affected: Windows

Shining a spotlight on the sometimes-shaky links between PC manufacturers and retailers, Nitol is a backdoor Trojan whose distribution scheme includes being preinstalled with counterfeit Windows-brand operating systems. As a result, no action other than unwrapping, plugging in and booting your computer may be necessary for Nitol to launch itself and offer criminals a means of ingress into your computer through a Command & Control server. These attacks are most likely to occur when you've purchased a Windows computer from an untrustworthy dealer, although SpywareRemove.com malware analysts also warn that Nitol has shown capabilities that would let it use removable drives as a second method of propagation. Like any backdoor Trojan worthy of the name, Nitol is a serious security vulnerability, and you should use anti-malware software, which is required to delete Nitol and all of its components safely.

Nitol, the Built-in 'Windows' Trojan

Nitol includes worm-based features that allow Nitol to copy concealed files to removable devices and, from there, install itself on any uninfected PC that plugs in the device. However, what truly made Nitol worthy of headline news was its usage of counterfeit Windows machines, which was uncovered during a recent Microsoft-led investigation that forayed into the urban landscape of Shenzhen, China. PCs purchased from shady retailers in that region have been confirmed to include Nitol as part of their default installations, right along with pirated versions of Windows that were never purchased from Microsoft in the first place.

While China's relaxed legal regulations for manufacturers and retailers may be a large part of what allowed Nitol to build up its network in the first place, SpywareRemove.com malware experts note that Nitol infections are being seen all over the globe, including in the United States and Europe. With confirmed Nitol attacks on the rise and legal action against the owners of Nitol's malware-rich C&C domain (the infamous 3322.org) still inconclusive, it may very well be worth paying a little more than you'd like in order to be assured that the 'Windows' computer you buy is the genuine article, rather than a counterfeit.

As is usually the case with backdoor Trojans, SpywareRemove.com malware researchers haven't found any symptoms linked to Nitol's attacks, which conceal themselves in the background as Nitol launches along with your OS itself.

When Saving Some Money May Cost You More Than Usual with a Nitol-Infected PC

Nitol attempts to block several types of anti-virus programs, automatically gathers basic information about your computer, sends that information to a criminal-operated server and, finally, uses your computer's resources to launch Distributed-Denial-of-Service attacks. However, SpywareRemove.com malware experts are forced to warn that Nitol is also likely to be instructed to launch other attacks that may attempt to install other types of malware, disable security functions and steal passwords or other forms of private data.

Nitol uses a randomly-generated file name and should be detected with anti-malware software whenever possible. Given Nitol's confirmed habit of including some worm-like features, SpywareRemove.com malware analysts also encourage avoidance of network contact with other PCs or any usage of shared storage devices until you've deleted Nitol.

Technical Details

Additional Information

The following URLs were detected:
techadm.site
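
Because Nitol shows no visible symptoms, outbound DNS lookups are one place a defender can look for it. The following is an added example, not part of the original article: it scans DNS query logs for the two domains this page names (3322.org and techadm.site) using whole-label matching. The log format, client addresses and queried host names are constructed assumptions.

```python
from collections import defaultdict

# Domains named on this page; everything else below is constructed for the example.
WATCHLIST = {"3322.org", "techadm.site"}

# Constructed sample lines in an assumed "timestamp client qname qtype" format.
SAMPLE_LOG = """\
2012-09-14T08:01:02Z 10.0.0.21 constructed-host.3322.org. A
2012-09-14T08:01:05Z 10.0.0.21 www.example.com. A
2012-09-14T08:02:11Z 10.0.0.34 TECHADM.SITE A
2012-09-14T08:02:40Z 10.0.0.34 not3322.org. A
2012-09-14T08:03:09Z 10.0.0.35 3322.org.cdn.example.net. A
2012-09-14T08:04:00Z 10.0.0.21 a.b.3322.org A
malformed line
"""


def normalize(qname):
    """Lower-case and drop the root dot so comparisons are exact."""
    return qname.strip().rstrip(".").lower()


def watched_parent(qname, watchlist=WATCHLIST):
    """Return the watchlist entry qname equals or is a subdomain of, else None."""
    # Walk whole labels so 'not3322.org' and '3322.org.cdn.example.net' do not match.
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in watchlist:
            return candidate
    return None


def find_hits(log_text, watchlist=WATCHLIST):
    """Map client IP -> sorted list of (watched domain, queried name)."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:          # skip malformed or truncated lines
            continue
        _ts, client, qname, _qtype = fields
        parent = watched_parent(qname, watchlist)
        if parent:
            hits[client].add((parent, normalize(qname)))
    return {client: sorted(found) for client, found in hits.items()}


if __name__ == "__main__":
    print(find_hits(SAMPLE_LOG))
```

A hit identifies a machine worth isolating and scanning with anti-malware software; it is a triage lead rather than proof of infection.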
