Trojans use Windows Update downloader
The Trojan downloader TrojanDownloader:Win32/Jowspry hands the download of further malware modules to the Background Intelligent Transfer Service (BITS), the Windows service that is responsible for, among other things, downloading Windows updates.
Previously, malware was forced to go to considerable lengths to evade detection by personal firewalls. Some trojan downloaders automatically send accept messages to the firewall window, remotely control other applications such as Internet Explorer, or inject their own code into other programs that do have network access privileges. The tactic of using mechanisms integrated into Windows to circumvent the firewall, rather than programming their own download routines, is novel.
It is not presently possible to restrict use of this service by third-party software or virus creators. Although this is not a "bug" as such, it should be considered a critical design flaw. The security of Windows can be compromised unless the update manager is disabled. In either case the user suffers unwarranted exposure.
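One way a defender can audit for this on current Windows versions, as an added example that is not part of the original article: list BITS jobs and flag any whose download source is not an expected update host. The allowlist, the function names and the sample jobs are assumptions constructed for illustration; `Get-BitsTransfer` comes from the BitsTransfer PowerShell module.

```powershell
# Added example: flag BITS jobs whose download source is outside an allowlist.
# $AllowedSuffixes is an assumption; tune it to the update sources you expect.
$AllowedSuffixes = @('windowsupdate.com', 'microsoft.com')

function Test-AllowedHost {
    param([string]$HostName, [string[]]$Suffixes)
    foreach ($s in $Suffixes) {
        # Match the domain itself or a true subdomain, not "evilmicrosoft.com".
        if ($HostName -eq $s -or $HostName.EndsWith(".$s")) { return $true }
    }
    return $false
}

function Find-UnexpectedBitsJob {
    param([object[]]$Jobs, [string[]]$Suffixes = $AllowedSuffixes)
    foreach ($job in $Jobs) {
        foreach ($file in $job.FileList) {
            $uri = $null
            $ok = [System.Uri]::TryCreate($file.RemoteName, [System.UriKind]::Absolute, [ref]$uri)
            # An unparsable source yields an empty host, which is never allowed.
            $hostName = if ($ok) { $uri.Host.ToLowerInvariant() } else { '' }
            if (-not (Test-AllowedHost $hostName $Suffixes)) {
                [pscustomobject]@{
                    DisplayName  = $job.DisplayName
                    OwnerAccount = $job.OwnerAccount
                    RemoteName   = $file.RemoteName
                    LocalName    = $file.LocalName
                }
            }
        }
    }
}

# Constructed sample jobs shaped like Get-BitsTransfer output (names and URLs are made up).
$sample = @(
    [pscustomobject]@{ DisplayName = 'WU Client Download'; OwnerAccount = 'NT AUTHORITY\SYSTEM'
        FileList = @([pscustomobject]@{ RemoteName = 'http://download.windowsupdate.com/sample/update.cab'
                                        LocalName  = 'C:\Windows\SoftwareDistribution\Download\update.cab' }) },
    [pscustomobject]@{ DisplayName = 'updater'; OwnerAccount = 'WORKSTATION\alice'
        FileList = @([pscustomobject]@{ RemoteName = 'http://files.example.net/module.bin'
                                        LocalName  = 'C:\Users\alice\AppData\Local\Temp\module.bin' }) }
)
Find-UnexpectedBitsJob -Jobs $sample | Format-List   # reports only the 'updater' job

# On a live host, from an elevated prompt:
# Find-UnexpectedBitsJob -Jobs @(Get-BitsTransfer -AllUsers)
```

A job owned by an ordinary user account that writes into a temporary directory from an unlisted host is the pattern worth investigating; legitimate third-party updaters also use BITS, so expect to extend the allowlist.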
- Malware Update with Windows Update, entry in Symantec's research blog