Malware piggybacks on Windows updates

Who says there's no such thing as a free ride? Ask the Trojan that's been piggybacking on a Windows update component to do its dirty deeds.

Who says there's no such thing as a free ride?

Just ask the 100,000 or so folks who've been infected with malware that has piggybacked on Windows updates, according to a report by security research firm Symantec.

According to the report, a recent Trojan began circulating in March via spammed German email. The Trojan used an "interesting" technique to download malicious files: it did its dirty deeds by way of a Windows component known as Background Intelligent Transfer Service (BITS).

The trouble, however, is that Windows updates rely on BITS as their main service for downloading patches and keeping the operating system humming along. And because the BITS service is part of the Windows OS, it's trusted and can bypass the local firewall as it downloads files.

Get the picture?

Javier Santoyo, manager at Symantec's Security Response Center, had this analogy: imagine someone opening a door with a legitimate access badge and an attacker tailgating them to enter the building.

Microsoft weighed in with its comments.

The software giant stated that users would already have to have been duped, via social engineering, into allowing TrojanDownloader:Win32/Jowspry to infect their system. Once a system is infected, the Trojan uses BITS to download additional malware.

And so it goes, unless an infected user scans their system and removes all variants of the Trojan, Microsoft notes.
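
Because BITS traffic is trusted by the local firewall, a defender can review the BITS transfer jobs themselves. The following is an added example, not code from the article, Symantec or Microsoft; it flags jobs whose remote host is not an expected update source. The job records, their field names and the host allowlist are constructed assumptions (a real listing could be exported from a tool such as `Get-BitsTransfer -AllUsers`).

```python
from urllib.parse import urlsplit

# Assumption: host suffixes this environment expects BITS to contact.
EXPECTED_SUFFIXES = ("windowsupdate.com", "microsoft.com")
EXECUTABLE_EXTS = (".exe", ".dll", ".scr")

# Constructed sample job records (not real telemetry); field names are hypothetical.
SAMPLE_JOBS = [
    {"name": "WU Client Download", "owner": "NT AUTHORITY\\SYSTEM",
     "url": "http://download.windowsupdate.com/c/msdownload/update.cab",
     "local": r"C:\Windows\SoftwareDistribution\Download\update.cab"},
    {"name": "job1", "owner": "DESKTOP\\alice",
     "url": "http://files.example.net/a.exe",
     "local": r"C:\Users\alice\AppData\Local\Temp\a.exe"},
    {"name": "lookalike", "owner": "DESKTOP\\alice",
     "url": "http://windowsupdate.com.example.net/patch.exe",
     "local": r"C:\Users\alice\AppData\Local\Temp\patch.exe"},
    {"name": "odd", "owner": "DESKTOP\\alice", "url": "not a url", "local": ""},
]

def host_is_expected(url):
    """True only if the host equals, or is a subdomain of, an expected suffix."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return False  # unparseable URL: treat as unexpected
    # Match on a label boundary so "windowsupdate.com.example.net" does not pass.
    return any(host == s or host.endswith("." + s) for s in EXPECTED_SUFFIXES)

def review_jobs(jobs):
    """Return (job name, reasons) for every job that deserves a closer look."""
    findings = []
    for job in jobs:
        reasons = []
        if not host_is_expected(job["url"]):
            reasons.append("unexpected remote host")
            if job["local"].lower().endswith(EXECUTABLE_EXTS):
                reasons.append("executable payload")
        if reasons:
            findings.append((job["name"], reasons))
    return findings

if __name__ == "__main__":
    for name, reasons in review_jobs(SAMPLE_JOBS):
        print(f"{name}: {', '.join(reasons)}")
```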

 
