Slashdot Mirror


Malware Hijacks Windows Update

clickclickdrone writes "The BBC are reporting a new piece of malware is in the wild that can hijack Windows Update's functionality and bypass firewalls, allowing it to install malicious code on users' PCs. The new code was discovered by Frank Boldewin in an email. The attack utilizes the BITS system."

2 of 209 comments

  1. Can you safely disable BITS? by guanxi · Score: 3, Interesting
    I've considered disabling the BITS service before (i.e., via services.msc), especially since I usually run Windows Update manually. But I read hints that it may break other applications, including from Microsoft's documentation:

    You should not set the Startup Type to Disabled. Disabling BITS may break applications, such as Windows Update, that rely on BITS to transfer files.


    However, I've never found anything more specific -- does anyone know the consequences of disabling BITS?
  2. Re:Typical Microsoft response by Ravnen · Score: 3, Interesting

    I think the issue is that this can help malware to hide itself on a machine it's already infected, by using this BITS service to silently bypass policy settings. BITS itself runs with 'SYSTEM' privileges (the closest thing to 'root' there is on Windows), but I can't tell from the article if malware run by a normal user can hijack BITS, or if it has to be run by an administrator. In the first case, I'd consider it a security vulnerability, but not in the second.
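
Both comments turn on what BITS is actually transferring on a given machine. The following is an added example, not part of the thread or of Microsoft's documentation: a PowerShell audit that lists every user's BITS jobs and marks those whose source host is outside an allowlist. The allowlist suffixes and the helper name `Test-AllowedHost` are assumptions for illustration.

```powershell
# Added example: audit BITS jobs for all users. Run from an elevated prompt,
# since -AllUsers requires administrator rights.
# The allowlist is an assumption; replace it with the update sources
# your environment actually uses.
$AllowedHostSuffixes = @('.microsoft.com', '.windowsupdate.com')

function Test-AllowedHost {
    # Hypothetical helper: true when the URL's host matches an allowed suffix.
    param([string]$Url, [string[]]$Suffixes)
    $uri = $null
    if (-not [Uri]::TryCreate($Url, [UriKind]::Absolute, [ref]$uri)) {
        return $false   # unparsable source: treat as not allowed
    }
    $h = $uri.Host.ToLowerInvariant()
    foreach ($s in $Suffixes) {
        if ($h.EndsWith($s) -or $h -eq $s.TrimStart('.')) { return $true }
    }
    return $false
}

Import-Module BitsTransfer

Get-BitsTransfer -AllUsers | ForEach-Object {
    $job = $_
    # One output row per file, because a single job can carry several transfers.
    foreach ($file in $job.FileList) {
        [pscustomobject]@{
            JobId      = $job.JobId
            Name       = $job.DisplayName
            Owner      = $job.OwnerAccount
            State      = $job.JobState
            Created    = $job.CreationTime
            RemoteName = $file.RemoteName
            LocalName  = $file.LocalName
            Allowed    = Test-AllowedHost -Url $file.RemoteName -Suffixes $AllowedHostSuffixes
        }
    }
} | Sort-Object Allowed, Created | Format-Table -AutoSize
```

Rows with `Allowed` set to `False` sort first; the `Owner` and `LocalName` columns show which account queued the job and where the file is being written.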