top logo


header divider
   Hello unlogged user XML Sitemap
header divider
 .in.na Registry
header divider
 .ws.na Registry
header divider
 .tv.na Registry
header divider
 .mobi.na Registry
header divider
 Link Directory
header divider
 Namibian Domain Registrar Monday, October 06, 2008  
header divider
top left
 Top News
top right
pixel
pixel
bottom leftpixelbottom right

top left
 News Topics
top right
pixel
pixel
bottom leftpixelbottom right

top left
 Main Menu
top right
pixel
pixel
bottom leftpixelbottom right

top left
 Online
top right
pixel
There are 3 unlogged users and 0 registered users online.

You can log-in or register for a user account here.
pixel
bottom leftpixelbottom right

  

SafariNow
top left
Articles: Malware 'hijacks Windows Updates'
top right
pixel
Posted by Admin on Wednesday, May 16, 2007 - 09:25 AM
pixel
pixel
EnviromentVirus writers may be able to smuggle malicious files o­nto a computer using Microsoft's security patch updates, experts say.
Windows update logo
The trojan could hijack Windows security patches
At least o­ne program is in circulation that can hijack a key component of Windows Update to introduce malicious software that could be used to hijack a computer.

The method bypasses users' firewall, allowing files to download undetected.

Microsoft said it was aware of reports of the attack.

Using BITS to download malicious files is a clever trick because it bypasses local firewalls
Elia Florio, Symantec

Security expert Frank Boldewin said o­n his website reconstruction.org that he had recently noticed an e-mailed trojan - a type of program or message that looks benign but conceals a malicious payload - which was exploiting a Windows program known as the Background Intelligent Transfer Service (BITS).

BITS is used by Microsoft to download security patches and updates to Windows machines. Because it is part of the operating system, it is able to bypass local firewalls while it downloads.

Mr Boldewin found the trojan was piggybacking o­n BITS to download malicious files. He published "proof of concept" code to illustrate how it went about it.

Not suspicious

After analysing this code Elia Florio, a researcher at security firm Symantec, wrote in her blog: "Using BITS to download malicious files is a clever trick because it bypasses local firewalls, as the download is performed by Windows itself, and does not require suspicious actions for process injection."

However, Microsoft said that for BITS to be exploited, machines first had to become infected with the trojan that Mr Boldewin discovered.

A spokesperson for the software giant said: "Microsoft is aware of public reports that Background Intelligent Transfer Service (BITS) is being used by TrojanDownloader:Win32/Jowspry to bypass policy-based firewalls in order to install additional malware.

"The bypass relies o­n [Jowspry] already being present o­n the system; it is not an attack vector for initial infection.

"The bypass most commonly occurs after a successful social engineering attempt lures the user into inadvertently running [Jowspry], which then utilizes BITS to download additional malware."

Security consultant Robert Schifreen told the BBC News website: "In some ways it is immaterial that it is using BITS.

"The simple message is not to get infected in the first place. Don't click o­n any links or attachments unless you are certain they are safe and use anti-virus software."

Microsoft recommended that anybody who thought they may have been infected with the Jowspry trojan should visit Windows Live o­neCare safety scanner.

pixel
bottom left
Printer-friendly page · 243 Reads · Send this story to someone
bottom right
 
header divider
  
header divider
Namibia Internet Gateway cc
Copyright 2007
Google
 
. - . - . - . - . - . - . - . - . - . - . - .  - . - . - . - . - . -  . - . -  . - . - . - .