Malware piggybacks on Windows updates

Who says there's no such thing as a free ride?

Just ask the 100,000 or so folks who've been infected with malware that has piggybacked on Windows updates, according to a report by security research firm Symantec.

According to the report, a recent Trojan began circulating in March via spammed German email. The Trojan used an "interesting" technique to download malicious files, according to the report. Its method of attack was by way of a Windows component, also known as Background Intelligent Transfer Service (BITS), to do its dirty deeds.

The trouble, however, is Windows updates rely on BITS as its main service for downloading patches and keeping the operating system humming along. And because the BITS service is part of Windows OS, it?s trusted and can bypass the local firewall as it downloads files.

Get the picture.

Javier Santoyo, manager at Symantec's Security Response Center, had this analogy: imagine someone opening a door with a legitimate access badge and an attacker tailgating them to enter the building.

Microsoft weighed in with its comments.

The software giant stated that users would have already had to have been duped, via social engineering, into allowing the TrojanDownloader:Win32/Jowspry to infect their system. Once infected, the Trojan utilizes BITS to download additional malware.

And so it goes, unless an infected user scans their system and removes all variants of the Trojan, Microsoft notes.