Windows Updates open to malware

A trojan programme has been detected which uses Windows security patches to go under a computer’s radar.
Publish date:

Microsoft has said it is aware of at least one program in circulation that can hijack a key component of Windows Update in order to bypass a firewall and introduce malicious software onto a computer undetected.

The malware infects the Background Intelligent Transfer Service (BITS) within Windows Update. "Using BITS to download malicious files is a clever trick because it bypasses local firewalls, as the download is performed by Windows itself, and does not require suspicious actions for process injection," said Elia Florio, a researcher at security firm Symantec, reported the BBC.

Microsoft insists that for the Firewall to be bypassed, systems must already have been affected by the trojan: "The bypass relies on [Jowspry] already being present on the system; it is not an attack vector for initial infection,” said a spokesperson from the software giant. “The bypass most commonly occurs after a successful social engineering attempt lures the user into inadvertently running [Jowspry], which then utilizes BITS to download additional malware."

Microsoft recommends that anybody who thinks they may have been infected with the Jowspry trojan should visit Windows Live OneCare safety scanner.



Malware and Software Solutions

More than ever before, security software is needed. However, as Ben Furfie found when he investigated, more and more PC users are beginning to think they know enough to be secure without the need for dedicated software, just as criminals begin to use psychological methods to ensnare more than ever...