
It was only going to be a matter of time before attackers started using core system components to assist in the distribution and maintenance of malware. Attackers are now turning automated Windows update software against the system, using it to install and manage their data.


Using the System Against Itself

Among other news being reported by Symantec at the moment (they are on a big PR push to improve the market's attitude towards their acquisition of Veritas) is word that they have detected malware that uses the software update service built into Windows to download and install essential components of the malware. The fact that Symantec is hyping new anti-rootkit software is more than just coincidence.

Because the malware authors are using a key component of Windows to do the heavy lifting, they can sneak the critical parts of their malware past any defences that might be in place (users can't have their firewall stopping the system from downloading their essential Windows updates). While the use of this system module is of concern for those developing defences against malware that might use it, it is also a useful example of how difficult it is to establish the proper trust credentials, even for software that is embedded within the system and meant only to download system updates.

That concept might be at the core of how the problem could be resolved by a future patch: by limiting the software to downloading only from trusted Microsoft locations (as some other Windows components already do), it would be possible to recover the originally intended functionality of the component without giving malware authors such an easy way of moving their software onto a victim's system.
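One way to express the restriction described above, as an added example (not code from Symantec, Microsoft or this site): a download source is accepted only when its parsed host is on an allowlist. The domain list, the HTTPS requirement, the function names and the sample jobs are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: illustrative allowlist; the article does not enumerate
# the "trusted Microsoft locations" it refers to.
TRUSTED_DOMAINS = ("windowsupdate.com", "update.microsoft.com",
                   "download.microsoft.com")


def is_trusted_update_source(url: str) -> bool:
    """True only for an HTTPS URL whose host is a trusted domain or a
    subdomain of one. The decision uses the parsed host, never a
    substring match on the raw URL."""
    try:
        parts = urlsplit(url)
        host = parts.hostname   # drops userinfo and port, lowercases
        _ = parts.port          # raises ValueError on a malformed port
    except ValueError:
        return False
    # Assumption of this example: only HTTPS sources are acceptable.
    if parts.scheme != "https" or not host:
        return False
    host = host.rstrip(".")     # treat "host." and "host" alike
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def audit_jobs(jobs):
    """Return the names of download jobs whose source fails the check."""
    return [name for name, url in jobs if not is_trusted_update_source(url)]


# Constructed sample jobs (hypothetical names, reserved .example hosts).
SAMPLE_JOBS = [
    ("update-1", "https://download.windowsupdate.com/d/msdownload/update.cab"),
    ("lookalike", "https://download.windowsupdate.com.files.example/a.exe"),
    ("userinfo", "https://update.microsoft.com@files.example/a.exe"),
    ("in-path", "https://files.example/update.microsoft.com/a.exe"),
    ("plain-http", "http://download.microsoft.com/a.exe"),
]

if __name__ == "__main__":
    for name in audit_jobs(SAMPLE_JOBS):
        print("untrusted source in job:", name)
```

A naive check such as `"microsoft.com" in url` would accept three of the four rejected jobs, which is why the comparison is made on the parsed host with an exact or dot-anchored suffix match.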

11 May 2007
