Malware 'hijacks Windows Updates'

V_R

¯\_(ツ)_/¯
Moderator
Joined
Jan 31, 2005
Messages
13,573
Reaction score
1,888
Virus writers may be able to smuggle malicious files onto a computer using Microsoft's security patch updates, experts say.

At least one program is in circulation that can hijack a key component of Windows Update to introduce malicious software that could be used to hijack a computer.

The method bypasses users' firewall, allowing files to download undetected. Microsoft said it was aware of reports of the attack.

Security expert Frank Boldewin said on his website reconstructer.org that he had recently noticed an e-mailed trojan - a type of program or message that looks benign but conceals a malicious payload - which was exploiting a Windows program known as the Background Intelligent Transfer Service (BITS). BITS is used by Microsoft to download security patches and updates to Windows machines. Because it is part of the operating system, it is able to bypass local firewalls while it downloads.

BBC
blog.washingtonpost.com
 
This isn't new, but because someone has an active exploit of it, it is now of major concern. :rolleyes:

As it is with nearly all these "exploits" one must first download the Trojan in the first place ... so folks, you should know the drill by now ... clunk-click gets you a free ticket to the funny farm. :D

"The simple message is not to get infected in the first place. Don't click on any links or attachments unless you are certain they are safe and use anti-virus software."

Easier said than done, but I wonder why I will not be surprised to see more people with more problems. ;)


user.gif
 
Back
Top