Hackers Hijack Windows Update's Downloader
Gregg Keizer writes on InfoWorld:
Hackers are using Windows Updates' file transfer component to sneak malicious code downloads past firewalls, Symantec researchers said Thursday.More here.
The Background Intelligent Transfer Service (BITS) is used by Microsoft's operating systems to deliver patches via Windows Update. BITS, which debuted in Windows XP and is baked into Windows Server 2003 and Windows Vista, is an asynchronous file transfer service with automatic throttling -- so downloads don't impact other network chores. It automatically resumes if the connection is broken.
"It's a very nice component and if you consider that it supports HTTP and can be programmed via COM API, it's the perfect tool to make Windows download anything you want," said Elia Florio, a researcher with Symantec's security response team, on the group's blog. "Unfortunately, this can also include malicious files."
Florio outlined why some Trojan makers have started to call on BITS to download add-on code to an already compromised computer. "For one simple reason: BITS is part of the operating system, so it's trusted and bypasses the local firewall while downloading files."
0 Comments:
Post a Comment
<< Home