Malware Hijacks Windows Update 209
clickclickdrone writes "The BBC are reporting a new piece of malware is in the wild that can hijack Windows Update's functionality and bypass firewalls allowing it to install malicious code on users PCs. The new code was discovered by Frank Boldewin in an email. The attack utilizes the BITS system."
Correct link (Score:5, Informative)
Re:Typical Microsoft response (Score:5, Informative)
However, given the time I spend helping my less technical friends clean up their PCs you do definitely have a point!
A little overstated (Score:4, Informative)
Overblown (Score:5, Informative)
Completely misleading (Score:5, Informative)
BITS stands for "Background Intelligent Transfer Service" and is simply a way to download files using idle bandwith. It's fully documented in MSDN, see http://msdn2.microsoft.com/en-us/library/aa362708. aspx [microsoft.com], and among many things it's used by some browser downloading plugins (similar to DownloadThemAll) that enhance downloading of large files. It's not just used by Windows Update.
Do we need additional articles to state that a malicious program on a compromised machine could use FTP to download additional files? Or HTTP? Or BitTorrent? Or roll their own protocol?
Based on the article, it sounds like the only concern is that because BITS is a service (daemon in the Unix world), it means that firewalls or malware detection tools that attempt to block outgoing requests (which most don't; they block listening ports) may not currently detect this because it's not the malicious .EXE itself that's opening a port; it calls into BITS, which opens the port. However, the app still has to use a public API to instantiate the BITS object, so there's no reason such a program couldn't hook that as well.
Unfortunately the article summary (and headline of the BBC article!) completely misrepresents the issue and blows it way out of proportion. They are not Hijacking Windows Update. They're using a generic well-documented downloading service that also happens to be used by Windows Update simply because it enables WU to download updates without gobbling up all your bandwidth.
Re:Makes perfect sense (Score:5, Informative)