Hackers hijack Windows Update's downloader
section: windows, for your questions: KezNews forum, 10.5.2007
Tip: Click here to update all your PC's outdated driversHackers are using the file transfer component used by Windows Update to sneak malware past firewalls, Symantec researchers said today.
he Background Intelligent Transfer Service (BITS) is used by Microsoft Corp.'s operating systems to deliver patches via Windows Update. BITS, which debuted in Windows XP and is baked into Windows Server 2003 and Windows Vista, is an asynchronous file transfer service with automatic throttling -- so downloads don't impact other network chores. It automatically resumes if the connection is broken.
"It's a very nice component, and if you consider that it supports HTTP and can be programmed via COM API, it's the perfect tool to make Windows download anything you want," said Elia Florio, a researcher with Symantec's security response team, on the group's blog. "Unfortunately, this can also include malicious files."
Florio outlined why some Trojan makers have started to call on BITS to download add-on code to an already compromised computer. "For one simple reason: BITS is part of the operating system, so it's trusted and bypasses the local firewall while downloading files."
Malware, particularly Trojans, which typically first open a back door to the system for follow-on code, needs to sidestep firewalls to bring additional malicious software -- a keylogger, for instance -- to the PC. "[But] the most common methods are intrusive [and] require process injection or may raise suspicious alarms," said Florio.
"It is novel," said Oliver Friedrichs, director of Symantec's security response group. "Attackers are leveraging a component of the operating system itself to update their content. But the idea of bypassing firewalls isn't new."
Symantec first caught chatter about BITS on Russian hacker message boards late last year, Friedrichs added, and has been on the lookout for it since. A Trojan spammed in March was one of the first to put the technique into practice.
"The big benefit BITS gives them is that it lets them evade firewalls," said Friedrichs. "And it's also a more reliable download mechanism. It's free and reliable, and they don't have to write their own download code."
Although BITS powers the downloads delivered by Microsoft's Windows Update service, Friedrichs reassured users that there was no risk to the service itself. "There's no evidence to suspect that Windows Update can be compromised. If it has a weakness, someone would have found it by now.
source: computerworld.com
>> Click Here to Run a Free Scan for PC Errors <<
Send link 2 friend | Permalink
MORE RELATED ARTICLES:
Download Bing Wallpapers & Set as Desktop Wallpaper with Wallpaper Downloader || Microsoft Posts $250,000 Reward for PC Hackers || Windows 7 Migration Tool to Move From Windows XP to Windows 7 || Windows 7 RC Brings Windows XP Mode Beta and Windows Virtual PC Beta || Windows Reactivator 2.0 - Backup & Restore Activation Status of Windows XP with Windows Reactivator
Comments(3)
gee can you be a little more clear ?
first you name the article "hackers hijack
windows update dowloader"
then you end your aticles saying "there's no evidence
windows update can be compromised"
if cryptology is your passion, make encryption
software, but don't vent your passion in articles !
do we have to turn off automatic windows update cause it's highjacked or we leave it on
cause there is no "evidence it can be compromised" ?
disable windows update then go get autopatcher
No new comments are allowed for this article.
For your questions use our KezNews Forum
Windows 7 RTM 7600.16385.090713-1255 HERE !
hijacked or not ???
By Voy on 11.05.2007 - 09:05