Security Bytes

May 11 2007   5:20AM GMT

How the bad guys are using Windows Update

Leigha Cardwell

Windows Update, a popular tool for patching computers, is now being used by the bad guys to push malware onto targeted systems.

According to Symantec’s Security Response Center blog, a Trojan detected as Downloader used an “interesting technique” to download files: it relies on a Windows component named BITS (Background Intelligent Transfer Service), the main service Windows Update uses to download patches and keep the operating system updated.

“Why does malware use BITS for downloading files? For one simple reason: BITS service is part of the operating system, so it’s trusted and bypasses the local firewall while downloading files,” Symantec researcher Elia Florio wrote in the blog. “Malwares need to bypass local firewalls but, usually the most common methods found in real samples are intrusive, require process injection or may raise suspicious alarms.”

At the moment, Florio said, there’s no immediate workaround against this type of attack. “It’s not easy to check what BITS should download and not download,” Florio added. “Probably the BITS interface should be designed to be accessible only with a higher level of privilege, or the download jobs created with BITS should be restricted to only trusted URLs.”
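Florio's suggestion of restricting BITS jobs to trusted URLs can be approximated as an audit of the job queue. The PowerShell below is an added example, not code from Symantec or the original post; it assumes the BitsTransfer module's `Get-BitsTransfer` cmdlet (which postdates this post), and the allowlist, function names and sample jobs are constructed for illustration.

```powershell
# Added example (not from the original post): list BITS jobs whose
# download URLs fall outside an allowlist of trusted hosts.
# Sample allowlist (assumption); replace with the hosts you trust.
$TrustedSuffixes = @('windowsupdate.com', 'update.microsoft.com')

function Test-TrustedBitsUrl {
    param([string]$Url, [string[]]$Suffixes)
    $uri = $null
    # Not an absolute URL at all: treat as untrusted.
    if (-not [Uri]::TryCreate($Url, [UriKind]::Absolute, [ref]$uri)) { return $false }
    # BITS also accepts SMB paths; only http/https can match the allowlist.
    if ($uri.Scheme -notin 'http', 'https') { return $false }
    # IP-literal hosts never match a name-based allowlist.
    if ($uri.HostNameType -ne [UriHostNameType]::Dns) { return $false }
    $h = $uri.Host.ToLowerInvariant()
    foreach ($s in $Suffixes) {
        # Exact host or true subdomain only, so a trusted name used as a
        # prefix of another domain does not pass.
        if ($h -eq $s -or $h.EndsWith(".$s")) { return $true }
    }
    return $false
}

function Find-UntrustedBitsJob {
    param($Jobs, [string[]]$Suffixes)
    foreach ($job in $Jobs) {
        foreach ($file in $job.FileList) {
            if (-not (Test-TrustedBitsUrl $file.RemoteName $Suffixes)) {
                [pscustomobject]@{ Job = $job.DisplayName; Owner = $job.OwnerAccount
                                   Remote = $file.RemoteName; Local = $file.LocalName }
            }
        }
    }
}

# Constructed sample jobs with the same property names as Get-BitsTransfer output.
function New-SampleJob($Name, $Owner, $Remote, $Local) {
    [pscustomobject]@{ DisplayName = $Name; OwnerAccount = $Owner
        FileList = @([pscustomobject]@{ RemoteName = $Remote; LocalName = $Local }) }
}
$sample = @(
    (New-SampleJob 'update job' 'NT AUTHORITY\SYSTEM' 'http://download.windowsupdate.com/a.cab' 'C:\dl\a.cab'),
    (New-SampleJob 'job1' 'PC\alice' 'http://windowsupdate.com.example.net/x.bin' 'C:\dl\x.bin'),
    (New-SampleJob 'job2' 'PC\alice' 'http://192.0.2.10/y.bin' 'C:\dl\y.bin')
)
Find-UntrustedBitsJob -Jobs $sample -Suffixes $TrustedSuffixes | Format-Table -AutoSize

# Live host, elevated prompt (requires the BitsTransfer module):
# Find-UntrustedBitsJob -Jobs (Get-BitsTransfer -AllUsers) -Suffixes $TrustedSuffixes
```

`Get-BitsTransfer` only returns jobs still in the queue, so this is a point-in-time check; jobs that have already completed and been removed will not appear.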
