Elia Florio, security response engineer at Symantec, said on a company blog that the Background Intelligent Transfer Service (Bits) in Windows had been used to download files to PCs infected with a Trojan.
"Using Bits to download malicious files is a clever trick because it bypasses local firewalls, as the download is performed by Windows itself and does not require suspicious actions for process injection," she said.
Florio also warned that there is currently no way to stop files being downloaded using this attack.
"At the moment there is no immediate workaround against this type of attack as it is not easy to check what Bits should download and not download," she said.
"Probably the Bits interface should be designed to be accessible only with a higher level of privilege, or the download jobs created with Bits should be restricted to only trusted URLs."
The Downloader Trojan that uses this attack was emailed out in spam messages in Germany at the end of March 2007.
Florio said that it was worth mentioning that the Bits download method is already well-documented in the underground and was posted as an "anti-firewall loader" example on a Russian forum at the end of 2006.
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
