Malware trojan uses MS patches
p2pnet.net news:- A “curious technique” used by the Jowspry trojan to download malicious files has turned up in Germany.
It uses Windows security patches to sneak into systems.
Frank Boldewin analyzed a recent Trojan spammed by email in Germany in March, says Elia Florio in a Symantec report.
Boldewin “figured out that the Trojan (detected as Downloader) was using an interesting technique to download files which involves a Windows component named ‘BITS’ (Background Intelligent Transfer Service),” says the story, going on, “BITS is the main service used by Windows Update to download patches and keep the operating system updated.”
According to the Microsoft service description, quoted on theeldergeek.com, BITS:
Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
Bill and the Boyz say they know about at least one program that’s able to hijack a key component of Windows Update to bypass a firewall and introduce malicious software onto a computer undetected, says Symantec.
“Using BITS to download malicious files is a clever trick because it bypasses local firewalls, as the download is performed by Windows itself, and does not require suspicious actions for process injection,” Florio says.
According to Microsoft, “The bypass most commonly occurs after a successful social engineering attempt lures the user into inadvertently running [Jowspry], which then utilizes BITS to download additional malware.”
Microsoft “recommends that anybody who thinks they may have been infected with the Jowspry trojan should visit Windows Live OneCare safety scanner,” says Symantec.
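Because the download is performed by the BITS service itself, the practical place to look for this kind of abuse is the list of queued BITS jobs rather than the process list. The script below is an added example (not code from Symantec, Microsoft or p2pnet): it reads a job dump, compares each remote URL against an allow-list of update hosts, and flags jobs that fetch from elsewhere, especially when the destination is an executable. The dump format, the allow-list and the sample job entries (including the RFC 5737 test address) are all constructed for illustration; real enumeration would come from `bitsadmin /list /allusers /verbose` or `Get-BitsTransfer -AllUsers`, whose output layout differs from this simplified one.

```python
import re
from urllib.parse import urlparse

# Hosts from which legitimate Windows Update traffic is expected.
# Assumption: extend this for a WSUS or other internal update server.
ALLOWED_HOST_SUFFIXES = (
    "windowsupdate.com",
    "update.microsoft.com",
    "download.microsoft.com",
)

# Destination extensions that deserve a second look when the source is not an update host.
EXECUTABLE_EXTENSIONS = (".exe", ".dll", ".scr", ".bat", ".cmd", ".vbs")

# Constructed sample in a simplified one-job-per-block layout. This is NOT the
# real bitsadmin / Get-BitsTransfer output; the second job mimics a downloader
# that names itself after Windows Update but pulls from an unrelated host.
SAMPLE_DUMP = """\
JOB: {job-0001} DISPLAY: WU Client Download OWNER: NT AUTHORITY\\SYSTEM
FILE: http://download.windowsupdate.com/msdownload/update/x86/KB123456.cab -> C:\\Windows\\SoftwareDistribution\\Download\\KB123456.cab

JOB: {job-0002} DISPLAY: Microsoft Update OWNER: WORKSTATION\\alice
FILE: http://198.51.100.23/dl/payload.exe -> C:\\Documents and Settings\\alice\\Local Settings\\Temp\\svchost.exe
FILE: http://198.51.100.23/dl/conf.dat -> C:\\Documents and Settings\\alice\\Local Settings\\Temp\\conf.dat
"""

JOB_RE = re.compile(r"^JOB: (?P<id>\S+) DISPLAY: (?P<display>.+?) OWNER: (?P<owner>.+)$")
FILE_RE = re.compile(r"^FILE: (?P<remote>\S+) -> (?P<local>.+)$")


def parse_jobs(dump):
    """Turn the simplified dump into a list of job dicts with their (remote, local) file pairs."""
    jobs = []
    for line in dump.splitlines():
        m = JOB_RE.match(line)
        if m:
            jobs.append({"id": m["id"], "display": m["display"],
                         "owner": m["owner"], "files": []})
            continue
        m = FILE_RE.match(line)
        if m and jobs:
            jobs[-1]["files"].append((m["remote"], m["local"]))
    return jobs


def host_allowed(url):
    """True if the URL's host is one of the allow-listed update domains or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in ALLOWED_HOST_SUFFIXES)


def review_jobs(jobs):
    """Return one finding per job that downloads from a host outside the allow-list."""
    findings = []
    for job in jobs:
        reasons = []
        for remote, local in job["files"]:
            if host_allowed(remote):
                continue
            host = urlparse(remote).hostname or "?"
            reasons.append(f"remote host {host} not in update allow-list")
            if local.lower().endswith(EXECUTABLE_EXTENSIONS):
                reasons.append(f"executable written to {local}")
        if reasons:
            findings.append({"id": job["id"], "display": job["display"],
                             "owner": job["owner"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in review_jobs(parse_jobs(SAMPLE_DUMP)):
        print(f"{finding['id']} '{finding['display']}' owned by {finding['owner']}:")
        for reason in finding["reasons"]:
            print("  -", reason)
```

The display name is deliberately ignored when deciding: a job calling itself “Microsoft Update” is no evidence of anything, and the check keys only on where the bytes come from and where they land.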
Also See:
Symantec – Malware Update with Windows Update, May 10, 2007
May 16th, 2007 at 9:29 am
Just to clarify, you have to be infected BEFORE BITS can be used.
May 16th, 2007 at 12:19 pm
It’s still very ironic that an instance of malware uses M$’s own software update component to chronically infect a system.
Rather facetious if you ask me