NOW READ THIS
("Security Advisory")

Go Back

---

Submitted by: Bill Hickey
NCVA List Master

NRT-0175 Hackers Hijack Windows Update's Downloader:

Symantec researchers said hackers are using the file transfer component used by Windows Update to sneak malware past firewalls. The Background Intelligent Transfer Service (BITS) is used by Microsoft's operating systems to deliver patches via Windows UPdate. BITS, which debuted in Windows XP and is baked into Windows Server 2003 and Windows VISTA, is an asynchronous file transfer service with automatic throttling -- so downloads don't impact other network chores. It automatically resumes if the connection is broken. Some Trojan makers have started to call on BITS to download add-on code to an already compromised computer for one simple reason: BITS is part of the operating system, so it's trusted and bypasses the local firewall while downloading files. Symantec first caught chatter about BITS on Russian hacker message boards late last year. A Trojan spammed in March was one of the first to put the technique into practice. Although BITS powers the downloads delivered by Microsoft's Windows Update service, Symantec reassured users that there was no risk to the service itself. "There's no evidence to suspect that Windows Update can be compromised. Microsoft was unable to immediately respond to questions about unauthorized BITS use.

(ComputerWorld 10MAY07)

Last Modified: Monday, 21-May-2007 20:01:27 EDT