"'We recently came across a worrisome case in which the Russian mafia was producing perfect copies of Windows with the plastic wrapping and everything. They looked perfect—but of course they had the spyware already loaded on them.'" As ["Amrit"] Williams ["chief of security analysis . . . at . . . tech consultant . . . Gartner"] pointed out, it is not difficult for organized crime to insert such software into the licit market, as syndicates are especially practiced at controlling distribution and retail markets.
— McMafia: A Journey Through the Global Criminal Underworld, by Misha Glenny (N.Y.: Alfred A. Knopf (Borzoi Book ser.), hardcover, 1st ed., 1st U.S. ed. 2008 (4/2008 per dust jkt. rear flap)), p. 272 (interviews conducted May 2004 to April 2007, per id., p. 351 (A Note on Sources)) (author a journalist, formerly for BBC).
My main caveat is that the book's author makes clear that he is not a computer expert, even at the user level.
Microsoft could combat this partly by buying random copies and checking the discs, although they probably won't publish which nations or regions are problematic. They'd have more control over the output of computer factories that preload. And, if we're not buying preloaded, it's probably still safer to buy boxed from a major chain than elsewise. Of course, it's too late to insert the latest spyware in 98SE discs, so maybe we could starve the Mafiya that way. (Is someone big pounding on my door?)
On the other hand, Microsoft could easily scan an installed copy for spyware it already found in bad-sale copies. So I suppose the real danger is that spyware is frequently revised, so that new installs are riskier than old activated installs or than any reinstalls with reactivation. And MS could scan randomly-selected entire installs for anything not predictable from installation routines (randomly-selected if full scans are slow). So maybe the problem is mainly with nonactivated copies, copies infrequently on the Internet if that results in the spyware transmitting before being scanned, and installations using non-Internet Explorer browsers if signaling MS to scan depends on IE being the user's browser of choice.
I'm glad there are lots of good OSes to choose from.