Humpty Posted May 11, 2007 Share Posted May 11, 2007 Malware, particularly Trojans that typically first open a back door to the system for follow-on code, needs to sidestep firewalls to bring additional malicious software -- a key logger, for instance -- to the PC. "[but] the most common methods are intrusive [and] require process injection or may raise suspicious alarms," said Florio. "It is novel," said Oliver Friedrichs, director of Symantec's security response group. "Attackers are leveraging a component of the operating system itself to update their content. But the idea of bypassing firewalls isn't new." Symantec first caught chatter about BITS on Russian hacker message boards late last year, Friedrichs added, and has been on the lookout for it since. A Trojan spammed in March was one of the first to put the technique into practice. "The big benefit BITS gives them is that it lets them evade firewalls," said Friedrichs. "And it's also a more reliable download mechanism. It's free and reliable, and they don't have to write their own download code." Article Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now