Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hackers Hijack Windows Update's Downloader


  • Please log in to reply
2 replies to this topic

#1 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,126 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:48 AM

Posted 11 May 2007 - 07:09 AM

Hackers are using the file transfer component used by Windows Update to sneak malware past firewalls...Trojan makers have started to call on BITS to download add-on code to an already compromised computer. "For one simple reason: BITS is part of the operating system, so it's trusted and bypasses the local firewall while downloading files"...

computerworld.com
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor

  • Topic Starter

  • Global Moderator
  • 51,126 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:48 AM

Posted 15 May 2007 - 07:43 AM

Security experts have been predicting that virus writers would find a way to hijack Microsoft's security patch delivery process to slip their software onto users' computers. They were right...I should note that when I tried this exploit on a Windows XP system running under a limited user account, the attack did not succeed. So if you set up your Windows XP or 2000 machine to run under a limited account, even if you inadvertently download a Trojan, it is very unlikely that it will be able to finish its job.

blog.washingtonpost.com
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 HIPPO1023

HIPPO1023

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:12:48 AM

Posted 18 May 2007 - 08:08 PM

I tried "Proof-of-Concept" from Frank Boldewin.

My System and Settings
OS : Windws XP SP2
Firewall : COMODO Personal Firewall
Anti-Virus : Avast! 4 Home
Windows Update : Manual update

When I downloaded "bitscode.zip", the archive of "Proof-of-Concept", both my Firewall and Anti-Virus caused no alert.
I executed "bitscode.exe". My Firewall popped up the dialog.
It showed me that SVCHOST is going to connect to outbound.
When I allowed it, I was shown the message of "Proof-of-Concept", "If you see this message and your firewall hasn't alerted you before downloading and executing this code, the firewall bypassing worked successfully!"
Of course, when I denied it, this program could not bypass my Firewall.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users