Attackers have found a new way to exploit the Widows Background Intelligent Transfer Service (BITS) which is being used to infect and reinfect targeted PCs with malware even after the initial infection has been removed.
According to security researchers at Dell SecureWorks, attackers are exploiting a lesser-known BITS “notification” feature. The feature allows attackers to create a re-occurring task to download and install malware even after the original malware is extracted.
BITS is used by Windows Update and third-party software for application updates. The service has a long history of being abused by attackers dating back to 2007. And even up until today, BITS is still an attractive feature for hackers because the Windows component includes the ability to retrieve or upload files using an application trusted by host firewalls, said Matthew Geiger, Sr. security researcher for SecureWorks’ Counter Threat Unit.