In association with heise online

15 May 2007, 14:42

Trojans use Windows Update downloader

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The Trojan downloader TrojanDownloader:Win32/Jowspry entrusts the Background Intelligent Transfer Service (BITS), which is for example responsible for downloading Windows updates, with downloading further malware modules.

Previously malware was forced to go to considerable lengths to evade detection by personal firewalls. Some trojan downloaders automatically send accept messages to the firewall window, remotely control other applications, such as Internet Explorer or inject their own code into other programs which do have network access privileges. The tactic of using mechanisms integrated within Windows to circumvent the firewall rather than programming their own download routines is novel.

It is not presently possible to restrict use of this service by third party software or virus creators. Although this is not a "bug" as such, it should be considered a critical design flaw. The security of Windows can be compromised unless the update manager is disabled. In either case the user suffers unwarranted exposure.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit