CYBERSPACE — Apple and Linux users often joke that the Windows operating system is a form of malware. While that may or may not be accurate, one thing that security experts agree on currently is the threat posed to Windows users by at least one crack circulating and capable of hijacking systems during the Windows Update process.Able to bypass firewalls, the program can overpower a key component involved in the Update process, allowing malicious code to download, undetected, onto the host computer.
Security expert Frank Boldewin says the hijacker is particularly nasty because the benign looking email Trojan is capable of exploiting the Background Intelligent Transfer Service (BITS) by piggybacking on it and thus slipping past computer defenses.
In his “proof of concept” paper on the topic, Boldewin explains how he uncovered the menace.
Elia Florio, a Symantec researcher, follows up on Boldewin’s work by stating in her blog that “Using BITS to download malicious files is a clever trick, because it bypasses local firewalls, as the download is performed by Windows itself, and does not require suspicious actions for process injection.”
Although Microsoft admits that it is aware of the issue, its representatives contend that only machines already infected by the Trojan are subject to the BITS vulnerability. “The bypass most commonly occurs after a successful social engineering attempt lures the user into inadvertently running Jowspry, which then utilizes BITS to download additional malware.”
As is traditional, Microsoft recommends that users avoid clicking on links or opening attachments that they are not certain came from a friendly source. Those whose machines may already be infected are encouraged to visit and use the Windows Live OneCare safety scanner.
