Security Operating Systems Software Windows

Malware Hijacks Windows Update

clickclickdrone writes "The BBC are reporting a new piece of malware is in the wild that can hijack Windows Update's functionality and bypass firewalls, allowing it to install malicious code on users' PCs. The new code was discovered by Frank Boldewin in an email. The attack utilizes the BITS system."

  • by guanxi ( 216397 ) on Wednesday May 16, 2007 @11:04AM (#19145571)
    I've considered disabling the BITS service before (i.e., via services.msc), especially since I usually run Windows Update manually. But I read hints that it may break other applications, including from Microsoft's documentation [microsoft.com]:

    You should not set the Startup Type to Disabled. Disabling BITS may break applications, such as Windows Update, that rely on BITS to transfer files.


    However, I've never found anything more specific -- does anyone know the consequences of disabling BITS?
  • by Ravnen ( 823845 ) on Wednesday May 16, 2007 @11:27AM (#19145963)
    I think the issue is that this can help malware to hide itself on a machine it's already infected, by using this BITS service to silently bypass policy settings. BITS itself runs with 'SYSTEM' privileges (the closest thing to 'root' there is on Windows), but I can't tell from the article if malware run by a normal user can hijack BITS, or if it has to be run by an administrator. In the first case, I'd consider it a security vulnerability, but not in the second.
  • by Belial6 ( 794905 ) on Wednesday May 16, 2007 @11:28AM (#19145987)
    I've always been curious (not enough to do the research I guess) what kind of security Windows Update uses to prevent someone from using control of DNS and/or routers to get Windows Update to install malware. Given that people often use DNS and routers that they cannot really trust, is there something that prevents a bad guy from just redirecting all traffic that is attempting to hit MS's update site to their own server that is set up to look like it is MS's update site? Given how many people have their laptops set up to do automatic updates, I would think that it would be easy to just take a laptop to a coffee shop, and watch as other patrons 'update' from your access point.
  • Snort (Score:2, Interesting)

    by anss123 ( 985305 ) on Wednesday May 16, 2007 @11:49AM (#19146373)
    I'm sitting here on Windows chuckling over so-called geeks that don't understand the issue at hand. If a computer is compromised, then the software firewall can be disabled. The BITS stream that comes out of the comp can be emulated by software on Linux and Mac OS, to the same effect as Windows.

    The "news" here is that there is software capable of doing this, not that it can't be done. True, BITS is a protocol created to work around firewalls, but it is hardly the only protocol engineered to do that.

    Oh, and Macs suck because they crash all the time. *ducks*
