Hackers Hijack Windows Update's Downloader

OrangeCrate · 2007-05-10T21:28:37.000Z

[QUOTE]Hackers are using Windows Updates’ file transfer component to sneak malicious code downloads past firewalls, Symantec researchers said Thursday…
[/quote]
http://www.pcworld.com/article/id,131737-c,hackers/article.html

polonus · 2007-05-11T13:04:52.000Z

Hi malware fighters,

Alas it is being done, so what to do against it:
rename in SAFE MODE the following files
%systemroot%/Softwaredistribution ,and
%systemroot%/system32/Softwaredistribution
reboot, and tell your svhost problems good-bye!.

enjoy,

Damian

All this is because of a corrupt local windows update storage.

And for the hacker there is little to crack, It is there for the taking, 'cause it is just an ordinary API freely available…http://msdn2.microsoft.com/en-us/library/aa363160.aspx

The only “odd thing” about this whole story is that macreants did not think of abusing this feature before.

polonus

Lisandro · 2007-05-11T18:36:48.000Z

polonus post:2:

Alas it is being done, so what to do against it:

Against the malware?

polonus post:2:

rename in SAFE MODE the following files
%systemroot%/Softwaredistribution ,and
%systemroot%/system32/Softwaredistribution

Will them be rebuilt after a new Windows Update visit?

system · 2007-05-11T19:45:45.000Z

you know OrangeCrate…to error is human-and to forgive is human-and i have forgave you for the remarks and etc. in the past.
and the double posting of the same link and info is also a human error which we all do at some point in time on this forum.
no one is perfect!-except the one above :
have a nice one avast! world

(post edited)

OrangeCrate · 2007-05-11T19:57:42.000Z

Hey, nice find Dan Hayden!

IT’S THE SAME ARTICLE FROM THE ORIGINAL POST IN THIS THREAD.

Read links before posting please.

polonus · 2007-05-11T20:50:06.000Z

Hi you two,

But the analysis is mine, says Polonus, and he thanks Tech for his comment on it.
Well the renaming trick can be a circumventing technique for evil (e.g. in Vista),
and in this case for good.
It proofs once more that a lot of security to-day is security through obscurity basically,
when you start to think about it.
If it took them, Microhard, so long to build a new OS on top of the previous ones, and
while the insecurity is dependant on the specific architecture, a complete overhau -l also
because of compatability reasons - is infeasable to do.
They will never get out of the woods this way, I promish you my friends,
and serving up links to remind us of these facts won’t help us…
whether you read them topsy turvy or backwards around…

D

Lisandro · 2007-05-11T21:05:38.000Z

OrangeCrate post:5:

IT’S THE SAME ARTICLE FROM THE ORIGINAL POST IN THIS THREAD.

Calm down boy… no need to yell here. Please, keep the caps off.
I see no post of drhayden that is against anybody…
Peace 8)

Polonus

Tech post:3:

Will them be rebuilt after a new Windows Update visit?

Do you know the answer to my question?

polonus · 2007-05-11T21:43:53.000Z

Hi malware fighters,

That is what you get without the right permission system. Whether MS will patch it or not, will be their decision. Maybe, maybe not. It has been abused for quite some time now, until the information was finally leaked. And this cannot be stopped by the local firewall. so firewall can be circumvented if something masquerades as something else. The title of the thread is false, because it is not the update service but BITS that is being abused. BITS can be used as an alternate way to download, when you do not want to over-stretch your bandwidth, using the command promt or via a free proggie WINBITS.

polonus

polonus · 2007-05-13T17:49:35.000Z

Hi malware fighters,

I will put this again clearly like it is, so everyone may understand this issue:

“One should not ask a user questions in a prompt that he or she has no way of
answering!”

Say thay you are taken to a hospital, and the doctor there
asks: “MrTech, shall we give you 10 mol/mg Thiotimolin
for four hours in combination with inhaling dihydromonxide”
“OK”, is you answer to him because you want to recover".
When they do this you are going to die, and when your next
of kin come to visit, the doctor says: “Well, he said yes to
the treatment, so he’s the only one to blame here”…

"Do you all understand now what this is all about?

It is very akward why the OS under certain circumstances
comes up with security related prompts. It is almost impossible
for the user to analyse the “chain of events” that has lead up
to this prompt being launched and what impacts are involved,
when you react to it in a certain way.

Who poses that kind of security prompts to a user
shows that the underlaying DESIGN IS STUPID, and
NO ONE THOUGHT OF THE CONSEQUENCES.

polonus

MikeBCda · 2007-05-15T19:14:21.000Z

Well put, polonus!

Those of us who’ve been around long enough to have worked a fair bit in DOS remember fondly when DOS 5 (I think it was) arrived and finally gave us some meaningful and sometimes even helpful error messages. No more “Bad command! Bad, B-A-A-D command!” b.s.

Announcements