Malware needs to sidestep firewalls to bring additional malicious software -- a key logger, for instance -- to the PC. That is particularly true of Trojans, which typically first open a back door to the system for follow-on code. "[But] the most common methods are intrusive [and] require process injection or may raise suspicious alarms," said Florio.
"It is novel," said Oliver Friedrichs, director of Symantec's security response group. "Attackers are leveraging a component of the operating system itself to update their content. But the idea of bypassing firewalls isn't new."
Symantec first caught chatter about BITS on Russian hacker message boards late last year, Friedrichs added, and has been on the lookout for it since. A Trojan spammed in March was one of the first to put the technique into practice.
"The big benefit BITS gives them is that it lets them evade firewalls," said Friedrichs. "And it's also a more reliable download mechanism. It's free and reliable, and they don't have to write their own download code."