Malware latches onto Windows updates

Around 100,000 users have been infected with malware that has piggybacked on Windows updates, according to a report from security research firm Symantec.

A Trojan, which began circulating in March via spammed email, used an "interesting" technique to download malicious files, said the report.

Its method of attack was to download the files by way of a Windows component, the Background Intelligent Transfer Service (BITS).

The trouble, however, is that Windows updates rely on BITS as the main service for downloading patches and keeping the operating system running smoothly. And, because the BITS service is part of Windows OS, it's trusted and can bypass the local firewall as it downloads files.

Javier Santoyo, manager at Symantec's Security Response Center, used this analogy to describe the piggyback technique: "Imagine someone opening a door with a legitimate access badge and an attacker tailgating them to enter the building."

Microsoft said that users would have already had to have been duped, via social engineering, into allowing the TrojanDownloader:Win32/Jowspry to infect their system. Once infected, the Trojan utilises BITS to download additional malware.

The pattern continues unless an infected user scans their system and removes all variants of the Trojan, according to the software giant.
Related Links:

• Go back to category System & Utilities to read more reviews and articles.
• Go back to Software Magazine's main page.