Hackers kidnap Windows Update to spread malicious code

Symantec security researchers warned hackers have now taken advantage of Windows Update's file transfer department to hack malicious code onto a PC without being detected by a firewall.

Symantec security researchers warned hackers have now taken advantage of Windows Update's file transfer department to hack malicious code onto a PC without being detected by a firewall.

The protocol of file transfer information in the background (BITS) is often used to download updated files to Windows Update PC. This protocol starts the application from the first version of Windows XP. Even Vista still applies this technology.

This is a form of automatic file transfer service that does not interfere with other network activities and has the ability to automatically restore in case the connection is disconnected.

Researcher Elia Florio, who quickly reacted to Symantec's emergency computer security situations, said that some Trojan programmers have now begun to apply the BITS service to help them. Download more about the malicious code on the infected system.

Picture 1 of Hackers kidnap Windows Update to spread malicious code
" Simply because BITS is a component of the operating system, it doesn't need to go through the firewall to check data ."

Usually malware when infected on the system often opens a backdoor to help us with other malicious code. This method requires them to take down the firewall. But this will make them very easily identifiable.

" I have to admit kidnapping Windows Updates is a great idea ," said Oliver Friedrichs, the team director who responded quickly to Symantech's emergency computer security situations. " Hackers kidnap a set of operating systems that help them update malicious code. But I think the idea that bypasses the firewall is not a new idea ."

Symantec found a way to take advantage of BITS on a Russian hacker forum late last year. Since then, the company has continuously researched this solution. In March, there was a trojan that applied this method to appear on the Internet.

" BITS not only allows them to bypass the firewall, but it is also a completely free solution with no effort to write download code for the trojan ," said Friedrichs director.

However, Mr. Friedrichs also confirmed that there is no clear evidence of Windows Updates being kidnapped. If this service has weaknesses, it must have been discovered long ago. " What we want to say here is the possibility that hackers can kidnap parts of the operating system to accomplish their own goals ."

Florio expert said there is no solution to prevent hackers from taking advantage of BITS. " Checking what BITS downloaded is not an easy thing to do. Perhaps it should be redesigned to allow users at a certain priority to use BITS paths ".

Microsoft currently has no official comment on this information.

Hoang Dung

Update 13 December 2018
« PREV
NEXT »
Category

Technology

Life

Discover science

Medicine - Health

Event

Entertainment