Windows Vista, is an asynchronous file transfer service with automatic throttling -- so downloads don't impact other network chores. "It's a very nice component, and if you consider that it supports HTTP and can be programmed via COM API, it's the perfect tool to make Windows download anything you want," said Elia Florio, a researcher with Symantec's security response team, on the group's blog. Florio outlined why some Trojan makers have started to call on BITS to download add-on code to an already compromised computer. "For one simple reason: BITS is part of the operating system, so it's trusted and bypasses the local firewall while downloading files." Malware, particularly Trojans, which typically first open a back door to the system for follow-on code, needs to sidestep firewalls to bring additional malicious software -- a keylogger, for instance -- to the PC.
Oliver Friedrichs, director of Symantec's security response group. "Attackers are leveraging a component of the operating system itself to update their content."

Symantec first caught chatter about BITS on Russian hacker message boards late last year, Friedrichs added, and has been on the lookout for it since. A Trojan spammed in March was one of the first to put the technique into practice. "The big benefit BITS gives them is that it lets them evade firewalls," said Friedrichs. "It's free and reliable, and they don't have to write their own download code."

Although BITS powers the downloads delivered by Microsoft's Windows Update service, Friedrichs reassured users that there was no risk to the service itself. "There's no evidence to suspect that Windows Update can be compromised. If it has a weakness, someone would have found it by now.

"But this does show how attackers are leveraging components and becoming more and more modular in how they create software. They're simply following the trend of traditional software development," said Friedrichs.

Florio noted that there's no way to block hackers from using BITS. "It's not easy to check what BITS should download and not download," he said, and then offered some advice for Microsoft. "Probably the BITS interface should be designed to be accessible only with a higher level of privilege, or the download jobs created with BITS should be restricted to only trusted URLs."

Microsoft was unable to immediately respond to questions about unauthorized BITS use.
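Florio's suggestion that BITS jobs be restricted to trusted URLs can at least be approximated by an administrator today: enumerate every BITS job on the host and flag those fetching from hosts outside an allow-list. The script below is an added example, not code from the article or from Symantec; it assumes the BitsTransfer PowerShell module is available and an elevated session so that jobs created by other accounts are visible, and the allow-list of host suffixes is a constructed placeholder.

```powershell
# Added example (not from the article): audit BITS jobs on a Windows host and flag
# any whose remote URLs fall outside an allow-list of trusted hosts.
# Assumes the BitsTransfer module and an elevated session so that -AllUsers can
# see jobs created by other accounts and services.
Import-Module BitsTransfer

# Constructed allow-list of trusted host suffixes; replace with the update and
# software-distribution sources actually used in your environment.
$TrustedHostSuffixes = @(
    '.windowsupdate.com',
    '.update.microsoft.com',
    '.download.microsoft.com'
)

function Test-TrustedHost {
    param([string]$HostName)
    foreach ($suffix in $TrustedHostSuffixes) {
        # Accept the bare host itself or any subdomain of it.
        if ($HostName -eq $suffix.TrimStart('.') -or $HostName.EndsWith($suffix)) {
            return $true
        }
    }
    return $false
}

function Get-UntrustedBitsJob {
    # Every BITS job on the machine, including those owned by other users.
    foreach ($job in Get-BitsTransfer -AllUsers) {
        foreach ($file in $job.FileList) {
            $uri = $null
            $parsed = [System.Uri]::TryCreate($file.RemoteName, [System.UriKind]::Absolute, [ref]$uri)
            # Treat anything that does not parse as an absolute URL as untrusted.
            $hostName = if ($parsed) { $uri.Host.ToLowerInvariant() } else { '<unparseable>' }
            if (-not (Test-TrustedHost $hostName)) {
                # One record per suspicious file, so results can be piped to Export-Csv or a SIEM.
                [PSCustomObject]@{
                    JobId       = $job.JobId
                    DisplayName = $job.DisplayName
                    Owner       = $job.OwnerAccount
                    State       = $job.JobState
                    RemoteName  = $file.RemoteName
                    LocalName   = $file.LocalName
                }
            }
        }
    }
}

Get-UntrustedBitsJob | Format-Table -AutoSize
```

Completed or cancelled jobs no longer appear in the job list, so for historical coverage pair this with the Microsoft-Windows-Bits-Client/Operational event log rather than relying on a point-in-time snapshot.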
Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. com and the respective logos are trademarks of International Data Group Inc.