Malware latches onto Windows updates
Published: 15 May 2007 09:37 BST
Around 100,000 users have been infected with malware that has piggybacked on Windows updates, according to a report from security research firm Symantec.
A Trojan, which began circulating in March via spammed email, used an "interesting" technique to download malicious files, said the report.
Its method of attack was to download the files by way of a Windows component, the Background Intelligent Transfer Service (BITS).
Vista Upgrade Blog
Grappling with the OS
How is the switch to Vista affecting your workplace? Take a look at our new group blog and share your pain and praise.
The trouble, however, is that Windows updates rely on BITS as the main service for downloading patches and keeping the operating system running smoothly. And, because the BITS service is part of Windows OS, it's trusted and can bypass the local firewall as it downloads files.
Javier Santoyo, manager at Symantec's Security Response Center, used this analogy to describe the piggyback technique: "Imagine someone opening a door with a legitimate access badge and an attacker tailgating them to enter the building."
Microsoft said that users would have already had to have been duped, via social engineering, into allowing the TrojanDownloader:Win32/Jowspry to infect their system. Once infected, the Trojan utilises BITS to download additional malware.
The pattern continues unless an infected user scans their system and removes all variants of the Trojan, according to the software giant.
Did you find this article useful?
51 out of 56 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
