BITS, the Microsoft Background Intelligent Transfer Service used for pushing out OS updates among other things, can be turned to the dark side in a rather nasty way. When cleaning up an infected network, security professionals stumbled upon an unpleasant discovery: a compromised machine with no sign of an infection vector except in the BITS database. The malware came in through the usual channel, but once installed it used a BITS task to clean up any traces of the installation from temp files and the registry and then delete itself, leaving an infected machine with almost no trace of where the infection came from or where it resides. The Register offers advice on how to check suspicious machines in their story.
"While working on a customer clean-up project, SecureWorks staff found that attackers had created self-contained BITS tasks that didn't appear in the registries of affected machines, and their footprints were limited to entries on the BITS database."