Microsoft has said it is aware of at least one program in circulation that can hijack a key component of Windows Update in order to bypass a firewall and introduce malicious software onto a computer undetected.
The malware infects the Background Intelligent Transfer Service (BITS) within Windows Update. "Using BITS to download malicious files is a clever trick because it bypasses local firewalls, as the download is performed by Windows itself, and does not require suspicious actions for process injection," said Elia Florio, a researcher at security firm Symantec, reported the BBC.
Microsoft insists that for the Firewall to be bypassed, systems must already have been affected by the trojan: "The bypass relies on [Jowspry] already being present on the system; it is not an attack vector for initial infection,” said a spokesperson from the software giant. “The bypass most commonly occurs after a successful social engineering attempt lures the user into inadvertently running [Jowspry], which then utilizes BITS to download additional malware."
Microsoft recommends that anybody who thinks they may have been infected with the Jowspry trojan should visit Windows Live OneCare safety scanner.