RSSSymantec: Windows Update Downloader Can Spread Malware
By Nate Mook | Published May 14, 2007, 5:41 PM
Researchers at Symantec have published a report highlighting how the Background Intelligent Transfer Service (BITS) -- a main component of Windows Update -- is being used by Trojans to download malware that bypasses firewalls and security controls.
BITS runs in the background and downloads patches to Windows without eating up all available bandwidth. Because it supports the HTTP protocol, it can be used to download almost any file, and Microsoft employs the technology for sending beta versions of its software such as Vista and Windows Server to testers.
But as Symantec points out, this can also include malicious content. "Why does malware use BITS for downloading files? For one simple reason: BITS service is part of the operating system, so it’s trusted and bypasses the local firewall while downloading files," researcher Elia Florio writes.
Traditionally, bypassing a firewall requires a number of complicated tricks, including automating accept messages or disabling the service completely. Trojans such as Win32/Jowspry are already using this download method.
There is no real fix for the issue, as BITS performs the downloads without any verification. But Symantec recommends "the BITS interface should be designed to be accessible only with a higher level of privilege, or the download jobs created with BITS should be restricted to only trusted URLs."
For its part, Microsoft notes that Windows Update itself is not the real culprit and that the Trojan must first be installed onto a system before it can utilize BITS. The company stopped short of saying whether it intends to make any changes to BITS as a result of the Symantec report.
Is SYMC still smarting after the pre Vista run-in? Come out with a Norton 361 while your at it :)
Score: 0
|How silly can Symantec be? They should be working on fixing their Antivirus products instead of this sort of misinformation.
I can envisage their next bulletin:
"Your web browser can be used for downloading illegal files."
Score: 0
|any publicity is better than no publicity.
Score: 0
|Perfect! Just what I need. MORE s*** FROM MICROSOFT!
Just when I thought things were getting better. Nope. Never I'm told.
||||||||||||||||||||||||||||||||||||||||||||||||
Balls.
Score: 0
|Amazingly nobody holds a gun to your head to use a platform. Just use Linux, or, god forbid, OSX.
Score: 0
|OR here's a better thought, now stay with me on this one it might get difficult but, if you don't get viruses and don't download stupid things you shouldn't be, this is a non issue.
Everyone always refers to mac or linux as the fix it solution and its not because that means said user needs to reinvest and start over, which a lot (most) do not want to do nor do they want to buy additional hardware.
Score: 0
|the last 2 linies calmed me down again because bits can only be used from program already installed on the machine.
so if you have a trojan that uses BITS well you already got a trojan..
then the symantec product didnt work.. did it
Score: 0
|Ehh, only malware? This app is old too: http://www.request-respo...-97b0-bdfdea4fb4f8.aspx and there are some similar tools
Score: 0
|Shock and Awwwe!!!
Score: 0
|Shock! Horror! A file transfer system can .. transfer files! Lock up your daughters!
The whole POINT of BITS is that it downloads files in the background and is part of the OS.
It's what you DO with the file once you download it, no?
Score: 0
|I've known about this for a few years now...
Score: 0
|You want a cookie?
Score: 0
|Yes, yes I do.
Score: 0
|