Download backdoor found in Windows Update

By

No protection currently available for Bits flaw.

Download backdoor found in Windows Update
A security firm has warned that parts of Windows designed to download official patches and updates are being used to download malicious files. 

Elia Florio, security response engineer at Symantec, said on a company blog that the Background Intelligent Transfer Service (Bits) in Windows had been used to download files to PCs infected with a Trojan. 

"Using Bits to download malicious files is a clever trick because it bypasses local firewalls, as the download is performed by Windows itself and does not require suspicious actions for process injection," she said.

Florio also warned that there is currently no way to stop files being downloaded using this attack.

"At the moment there is no immediate workaround against this type of attack as it is not easy to check what Bits should download and not download," she said.

"Probably the Bits interface should be designed to be accessible only with a higher level of privilege, or the download jobs created with Bits should be restricted to only trusted URLs."

The Downloader Trojan that uses this attack was emailed out in spam messages in Germany at the end of March 2007.

Florio said that it was worth mentioning that the Bits download method is already well-documented in the underground and was posted as an "anti-firewall loader" example on a Russian forum at the end of 2006.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?