__/ [ AB ] on Saturday 12 May 2007 00:29 \__
> http://www.internetnews.com/security/article.php/3677201
>
> UPDATED: Tens of millions of Microsoft users get their security
> updates from the Microsoft Update service. But a researcher at
> security firm Symantec (Quote) is alleging that users could
> potentially get something more than they bargained for.
>
> A Symantec researcher said that Microsoft Update, which includes a
> component called Background Intelligent Transfer Service (BITS),
> could potentially be used by hackers to bypass security measures and
> attack users' PCs. BITS runs in the background on a Windows PC as an
> asynchronous download service for patch updates.
>
> A Microsoft spokesperson confirmed to internetnews.com that
> Microsoft is aware of public reports that BITS is being used by
> TrojanDownloader:Win32/Jowspry to bypass policy-based firewalls in
> order to install additional malware.
>
> All you Windozers need to keep up with your patches so you're safe. Be
> good little boys and whatever else you are and go get all of your
> updates so you can "safely" browse the internet and download your
> warez.
>
> According to Microsoft, the bypass relies on TrojanDownloader:Win32/
> Jowspry already being present on the system; it is not an attack
> vector for initial infection. The bypass most commonly occurs after
> a successful social-engineering attempt lures the user into
> inadvertently running TrojanDownloader:Win32/Jowspry, which then
> utilizes BITS to download additional malware.
>
> .....
>
> Using BITS to download malicious files is a clever trick because it
> bypasses local firewalls, as the download is performed by Windows
> itself, and does not require suspicious actions for process
> injection, Symantec researcher Elia Florio wrote on the Symantec
> Security Response blog.
>
> According to Florio, there is no workaround for a BITS-based attack
> and it is difficult to manage what should not be downloaded by BITS.
>
> Any bets on how long before it's patched? Anybody here believe it *can*
> be patched?
I think the design is to blame here, so one might have to patch the patching
module. I'll admit that I wonder how long it will take Redmond folks to
realise that things like WGA forms, just like updates and other 'goodies',
give a piggyback ride to malicious things. I mean, credit card forms showing
up on your desktop? Who can you trust with so many zombies out there?
Attempts to turn an /operating/ system into a /delivery/ system have
become costly.
--
~~ Best regards
Roy S. Schestowitz | #ff0000 Hot Chilli Peppers
http://Schestowitz.com | GNU is Not UNIX | PGP-Key: 0x74572E8E
roy pts/7 Sun May 13 11:36 - 11:39 (00:02)
http://iuron.com - proposing a non-profit search engine
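Florio's remark in the quoted article is that it is hard to manage what BITS should not download. One thing a defender can do is audit the BITS jobs present on a machine against an allowlist of expected update origins. The script below is an added example written for this thread, not code from the article, Symantec or Microsoft. The job records are constructed and only mimic the fields a BITS job exposes (display name, owner account, remote URL); the allowlist, including the internal WSUS host `wsus.corp.example`, is a hypothetical one. On a real system the records would come from `bitsadmin /list /allusers /verbose` or the Microsoft-Windows-Bits-Client/Operational event log.

```python
"""Flag BITS transfer jobs whose remote origin is not on an allowlist.

Added example for this thread. The sample jobs below are constructed and
only imitate the fields a BITS job exposes; they are not captured data.
"""
import ipaddress
from urllib.parse import urlparse

# Hosts from which BITS downloads are expected on a managed client.
# Assumption: a site-specific allowlist; wsus.corp.example is hypothetical.
ALLOWED_HOSTS = {
    "download.windowsupdate.com",
    "update.microsoft.com",
    "wsus.corp.example",
}

# Constructed sample jobs (not real bitsadmin or event-log output).
SAMPLE_JOBS = [
    {"name": "MicrosoftUpdate", "owner": "NT AUTHORITY\\SYSTEM",
     "url": "http://download.windowsupdate.com/msdownload/update/x.cab"},
    {"name": "WSUS client sync", "owner": "NT AUTHORITY\\SYSTEM",
     "url": "http://wsus.corp.example:8530/Content/aa/bb.cab"},
    # 203.0.113.7 is a documentation (TEST-NET-3) address, constructed here.
    {"name": "upd", "owner": "DESKTOP-01\\alice",
     "url": "http://203.0.113.7/dl/payload.exe"},
    # Look-alike host: an allowlisted name used as a prefix of another domain.
    {"name": "Something", "owner": "DESKTOP-01\\alice",
     "url": "https://download.windowsupdate.com.evil.example/x.exe"},
]


def host_of(url):
    """Return the host part of a URL (port stripped), or None if absent."""
    return urlparse(url).hostname


def is_literal_ip(host):
    """True when the host is a bare IPv4/IPv6 address rather than a name."""
    if host is None:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def is_allowed_host(host, allowed=ALLOWED_HOSTS):
    """Exact match only: subdomains must be allowlisted explicitly, which
    keeps 'allowed.example.evil.example' from passing as 'allowed.example'."""
    return host is not None and host.lower() in allowed


def flag_suspicious_jobs(jobs, allowed=ALLOWED_HOSTS):
    """Return a list of (job, reasons) pairs for jobs that warrant review."""
    flagged = []
    for job in jobs:
        reasons = []
        host = host_of(job["url"])
        if not is_allowed_host(host, allowed):
            reasons.append(f"remote host {host!r} not on allowlist")
        if is_literal_ip(host):
            reasons.append("download from a bare IP address")
        # Heuristic: update jobs on this client are expected to run as a
        # service account; an interactive owner is worth a second look.
        if not job["owner"].upper().startswith("NT AUTHORITY\\"):
            reasons.append(f"job owned by interactive account {job['owner']}")
        if reasons:
            flagged.append((job, reasons))
    return flagged


if __name__ == "__main__":
    for job, reasons in flag_suspicious_jobs(SAMPLE_JOBS):
        print(f"[review] {job['name']!r} -> {job['url']}")
        for reason in reasons:
            print(f"    - {reason}")
```

Run against the constructed jobs it reports the two non-Microsoft jobs and leaves the genuine update and WSUS jobs alone. The allowlist match is deliberately exact rather than a suffix check, so the look-alike domain in the last record is caught; the owner heuristic is only a triage hint and will need tuning where legitimate user-level applications also create BITS jobs.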