Hackers kidnap Windows Update to spread malicious code
Symantec security researchers warned hackers have now taken advantage of Windows Update's file transfer department to hack malicious code onto a PC without being detected by a firewall.
Symantec security researchers warned hackers have now taken advantage of Windows Update's file transfer department to hack malicious code onto a PC without being detected by a firewall.
The protocol of file transfer information in the background (BITS) is often used to download updated files to Windows Update PC. This protocol starts the application from the first version of Windows XP. Even Vista still applies this technology.
This is a form of automatic file transfer service that does not interfere with other network activities and has the ability to automatically restore in case the connection is disconnected.
Researcher Elia Florio, who quickly reacted to Symantec's emergency computer security situations, said that some Trojan programmers have now begun to apply the BITS service to help them. Download more about the malicious code on the infected system.
" Simply because BITS is a component of the operating system, it doesn't need to go through the firewall to check data ."
Usually malware when infected on the system often opens a backdoor to help us with other malicious code. This method requires them to take down the firewall. But this will make them very easily identifiable.
" I have to admit kidnapping Windows Updates is a great idea ," said Oliver Friedrichs, the team director who responded quickly to Symantech's emergency computer security situations. " Hackers kidnap a set of operating systems that help them update malicious code. But I think the idea that bypasses the firewall is not a new idea ."
Symantec found a way to take advantage of BITS on a Russian hacker forum late last year. Since then, the company has continuously researched this solution. In March, there was a trojan that applied this method to appear on the Internet.
" BITS not only allows them to bypass the firewall, but it is also a completely free solution with no effort to write download code for the trojan ," said Friedrichs director.
However, Mr. Friedrichs also confirmed that there is no clear evidence of Windows Updates being kidnapped. If this service has weaknesses, it must have been discovered long ago. " What we want to say here is the possibility that hackers can kidnap parts of the operating system to accomplish their own goals ."
Florio expert said there is no solution to prevent hackers from taking advantage of BITS. " Checking what BITS downloaded is not an easy thing to do. Perhaps it should be redesigned to allow users at a certain priority to use BITS paths ".
Microsoft currently has no official comment on this information.
Hoang Dung
- Online video is used to spread malicious code
- The US website contains 63% of the malicious code
- Hackers spread malicious code to attack Winamp
- Video: WannaCry's terrifying spread rate
- Appear malicious code to attack Windows Help error
- Hackers disable Windows Firewall
- Publish malicious code to attack Windows Mobile
- Prevent Microsoft from automatically downloading Windows 10 updates
- Website of ASUStek circuit board firm is attacked by hackers
- The malicious code attached to the DNA infects the computer itself
What is the Snapdragon SiP chip? How to create a yellow circle around the mouse cursor on Windows Edit the Boot.ini file in Windows XP 3 ways to restart the remote computer via the Internet Vietnam computer market: Looking back a year How to restore deleted applications on Android How to increase the capacity of C drive on Windows 10, 8, 7 ... 8 security features of Windows operating system