Upgraded sLoad 2.0 (Starsload) Malware Exposed By Microsoft

In a security report last month, Microsoft exposed the sLoad (Starsload) malware campaign that abuses the BITS component in Windows for malicious activities. But the malware operators quickly launched an upgraded sLoad 2.0 this month.


The new sLoad version hasn’t changed much, but the fact that the sLoad authors shipped it less than a month after being exposed is concerning.

How does sLoad malware work?


sLoad (Starsload) is basically a “malware downloader” or “malware dropper.” It mainly infects Windows PCs with the intent of gathering information from the infected systems. The stolen information is sent to a command and control (C&C) server, after which sLoad receives instructions to download and install a second malware payload.


In short, sLoad is a delivery mechanism for more dangerous malware strains. It also helps the sLoad operators make money by offering pay-per-install space to other malware campaigns.


sLoad exploits Windows BITS


Malware downloaders are prevalent and usually not a matter of big concern, but Microsoft says that sLoad is a unique one owing to its level of sophistication and its use of non-standard attack techniques. The most concerning of these is the use of Windows BITS.


Background Intelligent Transfer Service or BITS is a component in Windows through which Microsoft sends updates to Windows users worldwide. The BITS service can detect whenever the user is not using the network connection. It utilizes this downtime to download Windows updates.
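
An added example, not from the article or Microsoft's report: a PowerShell check that lists BITS transfer jobs whose remote host falls outside an allowlist, the kind of review that surfaces a downloader using BITS. The allowlist, the function name `Find-UnexpectedBitsJob` and the sample jobs are assumptions constructed for illustration; `Get-BitsTransfer -AllUsers` is the built-in cmdlet that supplies real jobs.

```powershell
# Added example. Hosts BITS is expected to contact; this list is an assumption
# for illustration and must be tuned to the environment.
$AllowedSuffixes = @('.microsoft.com', '.windowsupdate.com')

function Find-UnexpectedBitsJob {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Job,
        [string[]] $Allowed = $AllowedSuffixes
    )
    process {
        foreach ($file in $Job.FileList) {
            # RemoteName is the URL (or UNC path) the job transfers from or to.
            # A value that does not parse leaves the host empty and is reported.
            $uri = $null
            $remoteHost = ''
            if ([Uri]::TryCreate([string]$file.RemoteName, [UriKind]::Absolute, [ref]$uri)) {
                $remoteHost = $uri.Host.ToLowerInvariant()
            }
            # Match the bare domain or any subdomain, never a mere substring
            $isAllowed = $false
            foreach ($suffix in $Allowed) {
                if ($remoteHost -eq $suffix.TrimStart('.') -or $remoteHost.EndsWith($suffix)) {
                    $isAllowed = $true
                }
            }
            if (-not $isAllowed) {
                [pscustomobject]@{
                    JobId = $Job.JobId; DisplayName = $Job.DisplayName
                    Owner = $Job.OwnerAccount; State = $Job.JobState
                    RemoteName = $file.RemoteName; LocalName = $file.LocalName
                }
            }
        }
    }
}

# Constructed sample jobs, shaped like the objects Get-BitsTransfer returns
$sample = @(
    [pscustomobject]@{ JobId = [guid]::NewGuid(); DisplayName = 'WU Client Download'
        OwnerAccount = 'NT AUTHORITY\SYSTEM'; JobState = 'Transferring'
        FileList = @([pscustomobject]@{ RemoteName = 'https://download.windowsupdate.com/sample.cab'
            LocalName = 'C:\Windows\SoftwareDistribution\Download\sample.cab' }) },
    [pscustomobject]@{ JobId = [guid]::NewGuid(); DisplayName = 'sync'
        OwnerAccount = 'DESKTOP\user'; JobState = 'Suspended'
        FileList = @([pscustomobject]@{ RemoteName = 'https://files.example.test/a.dat'
            LocalName = 'C:\Users\user\AppData\Roaming\a.dat' }) }
)
$sample | Find-UnexpectedBitsJob | Format-List

# On a live host, from an elevated prompt:
# Get-BitsTransfer -AllUsers | Find-UnexpectedBitsJob
```

A job flagged here is a lead for review, not a verdict: legitimate third-party updaters also use BITS, so check the owner account and the local path before acting.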

