The_Unbeliever
Honorary Master
http://www.theregister.co.uk/2007/05/11/vxers_subverts_windows_update/
Looks like Sygate and Zonealarm won't be of any help in a situation like this...
Which means that you DO need a proper, dedicated hardware firewall, such as Smoothwall, to detect this type of activity...
Malware authors might be able to subvert components of Windows Update to distribute viruses, security researchers at Symantec warn.
Analysis by the security firm reveals that a recent Trojan distributed by email at the end of March 2007 used a Windows component named "BITS" (Background Intelligent Transfer Service) to download files.
"Using BITS to download malicious files is a clever trick because it bypasses local firewalls, as the download is performed by Windows itself, and does not require suspicious actions for process injection," Symantec researcher Elia Florio explains in a blog posting.
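A host-side check that follows from the Symantec description quoted above, as an added example that is not part of the original post or the article: because the download is carried out by the BITS service itself, the queued jobs can be listed and their source hosts compared against an allowlist. The allowlist suffixes and the function names `Test-AllowedHost` and `Get-SuspectBitsJob` are assumptions for illustration; run from an elevated PowerShell session so that `-AllUsers` can see every job.

```powershell
# Added example: audit BITS jobs whose source host is not on an allowlist.
# The suffix list is an assumption; adjust it to the update sources you expect.
$AllowedSuffixes = @('.microsoft.com', '.windowsupdate.com')

function Test-AllowedHost {
    param([string]$HostName, [string[]]$Suffixes)
    foreach ($s in $Suffixes) {
        # Accept the bare domain (microsoft.com) or any subdomain of it.
        if ($HostName -eq $s.TrimStart('.') -or
            $HostName.EndsWith($s, [StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

function Get-SuspectBitsJob {
    param([string[]]$Suffixes = $AllowedSuffixes)
    Import-Module BitsTransfer
    # -AllUsers lists jobs owned by every account, not only the caller.
    foreach ($job in Get-BitsTransfer -AllUsers) {
        foreach ($file in $job.FileList) {
            $uri = $null
            $parsed = [Uri]::TryCreate($file.RemoteName, [UriKind]::Absolute, [ref]$uri)
            # Report unparsable sources too, rather than silently skipping them.
            if ($parsed -and (Test-AllowedHost $uri.Host $Suffixes)) { continue }
            [pscustomobject]@{
                JobId      = $job.JobId
                Name       = $job.DisplayName
                Owner      = $job.OwnerAccount
                State      = $job.JobState
                Created    = $job.CreationTime
                RemoteName = $file.RemoteName
                LocalName  = $file.LocalName
            }
        }
    }
}

Get-SuspectBitsJob | Format-List
```

BITS jobs can complete and be removed from the queue, so an empty result only describes the jobs present at the time of the check.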