Microsoft security patches include hidden malware?

By Stevie Smith May 18, 2007, 15:04 GMT

With a reported 40 million copies of Microsoft's new Windows Vista operating system having found their way onto the computers of consumers worldwide, along with boastful claims that Vista is the most secure operating system in existence, it comes as an irony-laced shock to learn that malicious files could well be secreting themselves onto our computers via nothing less than Microsoft's official security patches.

According to computer experts quoted in a BBC report, virus creators are apparently attempting to squeeze damaging malware onto the computers of unwitting Windows users when they receive the periodic security updates issued directly by Microsoft Corporation. The report reveals that at least one such program is known to be circulating that is able to piggyback on Windows Update in order to deliver dangerous software capable of seizing control of the host system.

Further to that known instance, security specialist Frank Boldewin of has recently posted that he has tracked a Trojan, delivered by an innocuous and seemingly harmless e-mail, that he found to be exploiting the Windows BITS (Background Intelligent Transfer Service) component. BITS is used by Windows Update and is therefore permitted past system security and firewall protection, which the Trojan abuses in order to infect supposedly secure computers.

"Using BITS to download malicious files is a clever trick because it bypasses local firewalls," commented Symantec researcher Elia Florio after analysing Boldewin's findings; "the download is performed by Windows itself, and does not require suspicious actions for process injection."
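Because the transfer is carried out by a trusted Windows service rather than by the malware's own process, a defender's first check is simply to see which BITS jobs exist and where they fetch from. The following audit script is an added example, not code from the article or from Symantec; it assumes a modern Windows host with the built-in BitsTransfer module, an elevated session (required for -AllUsers), and a small allowlist of update hosts that you would extend for your own environment.

```powershell
# Added audit example (not from the article): enumerate BITS jobs for every
# user and flag those whose remote URLs are not on an allowlist of expected
# update hosts. Requires an elevated PowerShell session (-AllUsers) and the
# built-in BitsTransfer module. The allowlist below is an assumption; extend
# it with the hosts your environment legitimately fetches from.
Import-Module BitsTransfer

$AllowedHosts = @(
    'windowsupdate.com',
    'update.microsoft.com',
    'download.windowsupdate.com'
)

function Test-AllowedHost {
    param([string]$Url)
    # Unparseable remote names are treated as suspicious rather than ignored.
    try { $hostName = ([System.Uri]$Url).Host } catch { return $false }
    foreach ($allowed in $AllowedHosts) {
        if ($hostName -eq $allowed -or $hostName.EndsWith(".$allowed")) { return $true }
    }
    return $false
}

# Walk every job, including those created under other accounts; a single job
# may carry several files, so each file's remote name is checked separately.
$findings = foreach ($job in Get-BitsTransfer -AllUsers) {
    foreach ($file in $job.FileList) {
        if (-not (Test-AllowedHost $file.RemoteName)) {
            [PSCustomObject]@{
                JobId     = $job.JobId
                Owner     = $job.OwnerAccount
                State     = $job.JobState
                Created   = $job.CreationTime
                RemoteUrl = $file.RemoteName
                LocalPath = $file.LocalName
            }
        }
    }
}

if ($findings) {
    Write-Warning "BITS jobs fetching from hosts outside the allowlist:"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No BITS jobs outside the allowlist."
}
```

A hit is a lead, not a verdict: third-party software also uses BITS legitimately, so compare the owner account and local path against what is expected on that machine before acting.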

However, while Redmond-based Microsoft Corp. acknowledges the reports of attacks described at the start of this article, it maintains that the Windows BITS component cannot be used for piggybacking by malicious code unless the host system is already infected with the Trojan mentioned above.

"Microsoft is aware of public reports that Background Intelligent Transfer Service (BITS) is being used by TrojanDownloader:Win32/Jowspry to bypass policy-based firewalls in order to install additional malware," offered an official spokesperson for the American software giant. "The bypass relies on [Jowspry] already being present on the system; it is not an attack vector for initial infection. The bypass most commonly occurs after a successful social engineering attempt lures the user into inadvertently running [Jowspry], which then utilizes BITS to download additional malware."

However, exactly how users' systems come to be infected to the point of total hijack is largely inconsequential. Beyond users exercising common sense with any and all unknown e-mails, core responsibility now falls to Microsoft to close off any such exploitation of its BITS component, whether assisted by a preinstalled Trojan or otherwise, so that Windows users can retain full control of their systems, and those investing in Vista can continue to place faith in Microsoft's claim of the most secure operating system.

Microsoft suggests that anyone who suspects their system may have become infected by the above-mentioned Jowspry Trojan should pay a visit to the Windows Live OneCare safety scanner.