« Podcast: Most Computer Users Have a False Sense of Security - A Discussion with Panda Software | Main | Cost of TJX Data Breach to Date »

Brain Kreb’s recent blog at Security Fix details how cyber-thieves have figured out a way to infiltrate Microsoft’s security patch delivery process so they can sneak their malware right past security and onto your computer.

Last week security researcher Frank Boldewin published a paper regarding an attack he had witnessed in March from an email he had received from Germany. The attached file was a Trojan horse program designed to enable other malicious programs to be downloaded. This program used BITS, or background intelligent transfer service, which is used by the Windows automatic updating feature to gain access to a system.

BITS is also designed so that it will even resume downloading an incomplete file if the transmission has been interrupted in any way. As Kreb says, the real danger is that the firewall will not detect the outgoing connection once the malware tries to download a second-stage virus.

And while testing this exploit, Kreb’s found that it easily bypassed ZoneAlarm Free, it was unsuccessful against a Windows XP system running under a limited user account. To read more, go here.

Posted by pschooff in |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/1861