Malware Hijacks Windows Update

May 17, 2007: According to a new report from Symantec, over 100,000 computers have been infected with a new type of malware that uses Micrsoft’s own Windows Update procedure to download malicious files.

As usual a user must be somehow tricked to install the software, but if this happens it slips itself into the Background Intelligent Transfer Service (BITS) service, usually gaining a clear path through firewalls and antivirus protection software.

“Using BITS to download malicious files is a clever trick because it bypasses local firewalls, as the download is performed by Windows itself,” notes Symatec in its security response blog.

Once installed the software begins to download more malicious code, resuming broken downloads if a machine is turned off or restarted.

The company notes that there is currently no workaround or patch for the vulnerability, so as always, prevention in the form of suspicion of unsolicited email and other messages is better than the cure.

Comment on this story