A Thought about the BITS vulnerability

I read an InfoWorld article today that says that “Hackers are using Windows Updates’ file transfer component to sneak malicious code downloads past firewalls”. After trying to figure out what the writer was talking about, I went to the source, a Symantec blog entry. This made a BIT more sense.
The InfoWorld article left me thinking this was a corporate firewall bypass. That didn’t make a lot of sense because many enterprises aren’t scanning HTTP and FTP anyway, so the use of BITS doesn’t change that. The Symantec blog was a bit clearer that this is a personal firewall bypass.
Parlor trick or serious problem? I guess I’d be more worried about how the computer got infected initially. Flashy article titles make this problem seem worse than it is.

3 Comments

  1. Yeah, this one’s been hard to figure out. BBC reported a wild trojan, and somehow (Slashdot?) I got pointed to http://www.reconstructer.org — a very interesting-looking website about malware investigation, but very difficult to understand there whether this guy discovered the trojan, or just wrote a proof-of-concept. In any event, you got the main point: a local program can use BITS to download files without being blocked by a local app firewall.
