Malware Uses Windows Service To Reinstall Itself
An article review.
Even after removal, a hijhacked service can reinfect machines targeted with a new technique
News of a new malware technique comes from our friend Wes Pollard at Home Bank, who sent us an article about this interesting new threat.
Researchers at SecureWorks discovered the malware while responding to a customer incident last month, after complaints that nefarious network activity continued even after machines had been successfully cleaned by a security application. When the researchers looked into the issue they discovered that two unauthorized tasks had been entered into the Windows Background Intelligent Transfer Service, or BITS.
BITS is normally used by applications and the OS to install updates and as a system task it is trusted by the Windows firewall and allowed unimpeded network access, making it an excellent target for hackers. Even so, attacks utilizing BITS have been relatively rare since the first incidents were noted in 2007.
If you continue to see network activity related to malware even after cleaning it from your machines, researchers suggest listing all scheduled BITS tasks by entering the command bitsadmin /list /allusers /verbose from an administrator command prompt.
Original article by Lucian Constantin of IDG, writing for Computerworld.
Leave a comment
Experts warn that criminals may be trying to take advantage of the rush of shoppers… Read more
Recent revelations are a reminder of the risks associated with networked devices… An Read more
New Guidance On Business Continuity Is Now Available… An article review. As part of a Read more
Another awareness poster for YOUR customers (and users). Now that we have our own em Read more
Despite advances in automation, millions of additional people are still needed… An ar Read more