SCF Advanced Search

  • Total Posts: 40151
  • Total Topics: 14260
  • Online Today: 759
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)

Author Topic: Viruses Can Infect Windows Vista via the Windows Update Mech  (Read 2885 times)

0 Members and 1 Guest are viewing this topic.


  • SCF VIP Member
  • *****
  • Posts: 88
  • KARMA: 15
  • Gender: Male
    • Newsapp IT support Portal
The next time your Windows Vista operating system downloads and deploys updates, it could in fact install malicious code instead. Security company Symantec has warned that Windows platforms are susceptible to malware infection via the Windows Update mechanism.

Security researcher Frank Boldewin has revealed that Trojan horses spammed at the end of March 2007 were using a new technique to download malicious files on a system. The techniques involve making use of
Background Intelligent Transfer Service, a component of the Windows operating system, including Windows
Vista and Windows Server 2007 code-name Longhorn.

"Background Intelligent Transfer Service (BITS) transfers files (downloads or uploads) between a client and server and provides progress information related to the transfers. You can also download files from a peer," revealed Microsoft, and Elia Florio, Symantec Security Response Engineer commented that "BITS is the main service used by Windows Update to download patches and keep the operating system updated."

BITS is designed as an asynchronous download service, which does not impact the responsiveness of other network applications, functioning without consuming bandwidth to transfer patches, updates and additional files in the foreground or background. And since it can also automatically resume interrupted file transfers "it’s the perfect tool to make Windows download anything you want. Unfortunately, this can also include malicious files," Florio added.

Bypassing the local firewall is not an issue for BITS, as the service is in fact considered an integer part of the operating system. "Malwares need to bypass local firewalls but, usually the most common methods found in real samples are intrusive, require process injection or may raise suspicious alarms," Florio explained. "Using BITS to download malicious files is a clever trick because it bypasses local firewalls, as the download is performed by Windows itself, and does not require suspicious actions for process injection. In fact, the malicious Downloader sample in this case gets access to the BITS component via the COM interface with CoCreateInsance(), and it uses CreateJob() and AddFile() methods to configure the file to download and the destination path."

Symantec warned that there is no workaround available against attacks coming down BITS. The Cupertino-based company informed that the BITS download method is already a documented method as an antifirewall loader. Both the Windows Vista and Windows Server "Longhorn" operating systems currently include BITS version 3.0. Programs,Windows,News

Samker's Computer Forum -


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising