Malware Hijacks Windows Update
Another nasty piece of malware that infects PCs and is completely un-detectable...yay

Virus writers may be able to smuggle malicious files onto a computer using Microsoft's security patch updates, experts say.

At least one program is in circulation that can hijack a key component of Windows Update to introduce malicious software that could be used to hijack a computer.

The method bypasses users' firewall, allowing files to download undetected.

Microsoft said it was aware of reports of the attack.

Using BITS to download malicious files is a clever trick because it bypasses local firewalls Elia Florio, Symantec

Security expert Frank Boldewin said on his website reconstructer.org that he had recently noticed an e-mailed trojan - a type of program or message that looks benign but conceals a malicious payload - which was exploiting a Windows program known as the Background Intelligent Transfer Service (BITS).

BITS is used by Microsoft to download security patches and updates to Windows machines. Because it is part of the operating system, it is able to bypass local firewalls while it downloads.

Mr Boldewin found the trojan was piggybacking on BITS to download malicious files. He published "proof of concept" code to illustrate how it went about it.

Read all about it here courtesy of news.bbc.com

Eric