AplusWebMaster
2007-05-15, 00:49
FYI...
- http://preview.tinyurl.com/24vtqw
May 10, 2007 (Computerworld) - "Hackers are using the file transfer component used by Windows Update to sneak malware past firewalls, Symantec researchers* said today. The Background Intelligent Transfer Service (BITS) is used by Microsoft Corp.'s operating systems to deliver patches via Windows Update. BITS, which debuted in Windows XP and is baked into Windows Server 2003 and Windows Vista, is an asynchronous file transfer service with automatic throttling -- so downloads don't impact other network chores. It automatically resumes if the connection is broken... Microsoft was unable to immediately respond to questions about unauthorized BITS use."
* http://preview.tinyurl.com/2dfohl :fear:
- http://blog.washingtonpost.com/securityfix/2007/05/malware_using_microsoft_patch.html
May 14, 2007 ~ "...BITS is designed to resume downloading an unfinished file even after a user restarts or logs off of Windows. As soon as the system restarts or regains Internet connectivity, BITS can pick up where it left off. Additionally, the sender can determine whether the entire file transfer completed successfully by setting a special code on the transfer. The real danger is -- assuming the Trojan sneaks past a user's anti-virus software -- the user's software firewall likely would not detect the outgoing connection when the victim's machine starts downloading the second-stage payload. That's because BITS is a legitimate system service that the firewall would allow by default or the user long ago allowed it permanent access in and out a firewall... I should note that when I tried this exploit on a Windows XP system running under a limited user account, the attack did not succeed. So if you set up your Windows XP or 2000 machine to run under a limited account, even if you inadvertently download a Trojan, it is very unlikely that it will be able to finish its job."
;)
- http://preview.tinyurl.com/24vtqw
May 10, 2007 (Computerworld) - "Hackers are using the file transfer component used by Windows Update to sneak malware past firewalls, Symantec researchers* said today. The Background Intelligent Transfer Service (BITS) is used by Microsoft Corp.'s operating systems to deliver patches via Windows Update. BITS, which debuted in Windows XP and is baked into Windows Server 2003 and Windows Vista, is an asynchronous file transfer service with automatic throttling -- so downloads don't impact other network chores. It automatically resumes if the connection is broken... Microsoft was unable to immediately respond to questions about unauthorized BITS use."
* http://preview.tinyurl.com/2dfohl :fear:
- http://blog.washingtonpost.com/securityfix/2007/05/malware_using_microsoft_patch.html
May 14, 2007 ~ "...BITS is designed to resume downloading an unfinished file even after a user restarts or logs off of Windows. As soon as the system restarts or regains Internet connectivity, BITS can pick up where it left off. Additionally, the sender can determine whether the entire file transfer completed successfully by setting a special code on the transfer. The real danger is -- assuming the Trojan sneaks past a user's anti-virus software -- the user's software firewall likely would not detect the outgoing connection when the victim's machine starts downloading the second-stage payload. That's because BITS is a legitimate system service that the firewall would allow by default or the user long ago allowed it permanent access in and out a firewall... I should note that when I tried this exploit on a Windows XP system running under a limited user account, the attack did not succeed. So if you set up your Windows XP or 2000 machine to run under a limited account, even if you inadvertently download a Trojan, it is very unlikely that it will be able to finish its job."
;)