Hackers use Windows Update to download malicious code
Microsoft's Windows Update has a component called Background Intelligent Transfer Service (BITS) that downloads updates while you're busy doing other things with your computer. If you get disconnected, the update will pick up where it left off when you get back on the network.

Sounds great, right? Well, generally it is. But since BITS is part of your operating system, your firewall doesn't really check to see what it's downloading. And while there is pretty much no risk of automatically downloading a virus or trojan through Windows Update under normal circumstances, hackers are starting to use BITS to download code to computers that have already been affected.
Say you click that file attachment in an email from an unknown source, expecting to see compromising photos of a young starlet. Turns out there's no photo, so you shrug and move on. Next thing you know, your computer's trying to download all sorts of files to capture your passwords. Normally your firewall would help protect your computer from such attacks, but since BITS can fly under the radar, you may be out of luck.
According to a Symantec researcher, there's no way to prevent hackers from using BITS right now, but Microsoft could redesign BITS to require a higher user level in order to work. Or Microsoft could only allow BITS to download files from trusted sources.
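
One way to check a machine for the behaviour described above, as an added example that is not part of the original article: a PowerShell audit that lists BITS jobs, across all users, whose remote host falls outside an allowlist. The allowlist entries and the function names are assumptions for illustration; `Get-BitsTransfer` comes from the built-in BitsTransfer module.

```powershell
# Added example: report BITS jobs that download from hosts outside an allowlist.
# Run from an elevated prompt; -AllUsers needs administrator rights.
Import-Module BitsTransfer

# Assumption: illustrative allowlist of update hosts; adjust for your environment.
$AllowedSuffixes = @(
    'windowsupdate.com',
    'update.microsoft.com',
    'download.microsoft.com'
)

function Test-AllowedHost {
    param([string]$HostName, [string[]]$Suffixes)
    foreach ($s in $Suffixes) {
        # Match the domain itself or a subdomain, never a lookalike such as
        # "evilwindowsupdate.com".
        if ($HostName -eq $s -or $HostName.EndsWith(".$s")) { return $true }
    }
    return $false
}

function Get-SuspectBitsJob {
    param([string[]]$Suffixes = $AllowedSuffixes)
    foreach ($job in Get-BitsTransfer -AllUsers) {
        foreach ($file in $job.FileList) {
            $uri = $null
            # An unparseable RemoteName is reported too, not silently skipped.
            $parsed = [Uri]::TryCreate($file.RemoteName, [UriKind]::Absolute, [ref]$uri)
            $hostName = if ($parsed) { $uri.Host.ToLowerInvariant() } else { '' }
            if (-not $parsed -or -not (Test-AllowedHost $hostName $Suffixes)) {
                [pscustomobject]@{
                    JobId      = $job.JobId
                    Name       = $job.DisplayName
                    Owner      = $job.OwnerAccount
                    State      = $job.JobState
                    Created    = $job.CreationTime
                    RemoteName = $file.RemoteName
                    LocalName  = $file.LocalName
                }
            }
        }
    }
}

Get-SuspectBitsJob | Sort-Object Created | Format-Table -AutoSize
```

Third-party software also uses BITS for its own updates, so a reported job is a lead to review against its owner account and local path, not a verdict.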












Comments (24)
Morgan, May 14th 2007 5:09PM
The BITS service was designed to allow developers to take advantage of its throttling & resumable downloads. Microsoft Update uses it for those reasons, but you could build your own distribution service around it. It really shouldn't have a list of allowed servers. As far as trusted service...it's just a download component, it doesn't have any special privileges on the system.
Isn't this just the same as previous malware that used TFTP, FTP, HTTP, IRC, NNTP, etc. to download additional components - are all of these dangerous clients that are only used to download malicious code?
Spencer Ferguson, May 15th 2007 1:59PM
Great point by Bryan! If a hacker gains control of your system they can use any number of methods to download malicious code. Microsoft BITS is a million times more helpful than harmful.
-SF
http://www.wasatchsoftware.com/microsoft.htm
thoughtcriminal, May 29th 2007 7:36AM
Terrible article.
You IT security reporters are always looking for some revelation by trying to hide the truth from average users. As so many stated: once a computer is compromised it doesn't matter whether it's BITS or any other way. A compromised machine is generally owned by a hacker.
Before you start writing such articles you should get some more knowledge on the subject.
nj, Jul 20th 2007 8:15AM
Go here
http://microsoftupdatesmirror.blogspot.com/