Microsoft released the BITS (Background Intelligent Transfer Service) in Windows XP to coordinate and ease uploading and downloading files with large size. Systems and applications component, specifically update in Windows, use this BITS feature to provide application updates and OS so that they can work in minimal user disruption. BITS interact with applications to make jobs with one or more application to download or upload. The BITS feature operates in service and it can make transfers happen at any time. A local database stores file, state and job info.
How the hackers exploit BITS?
The BITS, like every other technology, is used by applications and exploited by hackers. When harmful apps make BITS jobs, the files are uploaded and downloaded in the service host process context. This helps hackers to avoid firewall detection that may stop suspicious or unusual activities, allowing the attacker to hide the application that requests the transfer. Besides this, the transfers in BITS can be scheduled for later, which allows them to happen at given times, saving the hacker from depending on task-scheduler or long-running processes.
Transfers in BITS are asynchronous, resulting in a situation where the apps that made jobs may not be working after the transfers that are requested are complete. Addressing this situation, these jobs in BITS can be made through a notification command that is user-specific. The command can be used in case of errors or after a job is complete. The BITS jobs linked with this notification command may authorize any command or executable to run. The hackers have exploited this feature and used it as a technique for continuously launching harmful app ..
Support the originator by clicking the read the rest link below.
