Security - ZDNet Australia By Dawn Kawamoto, CNET News.com
15 May 2007. Around 100,000 users have been infected with malware that has piggybacked on Windows updates, according to a report from security research firm Symantec.
A Trojan, which began circulating in March via spammed e-mail, used an "interesting" technique to download malicious files, said the report.
Its method of attack was by way of a Windows component, also known as Background Intelligent Transfer Service (BITS), to download the files.
The trouble, however, is Windows updates rely on BITS as its main service for downloading patches and keeping the operating system running smoothly. And because the BITS service is part of Windows OS, it's trusted and can bypass the local firewall as it downloads files.
Javier Santoyo, manager at Symantec's Security Response Center, used this analogy to describe the piggyback technique: "imagine someone opening a door with a legitimate access badge and an attacker tailgating them to enter the building".
Microsoft said that users would have already had to have been duped, via social engineering, into allowing the TrojanDownloader:Win32/Jowspry to infect their system. Once infected, the Trojan utilises BITS to download additional malware.
The pattern continues unless an infected user scans their system and removes all variants of the Trojan, according to the software giant.
