A security firm has warned that parts of Windows designed to download official patches and updates are being used to download malicious files.
Elia Florio, security response engineer at Symantec, said on a company blog that the Background Intelligent Transfer Service (Bits) in Windows had been used to download files to PCs infected with a Trojan.
"Using Bits to download malicious files is a clever trick because it bypasses local firewalls, as the download is performed by Windows itself and does not require suspicious actions for process injection," she said.
Florio also warned that there is currently no way to stop files being downloaded using this attack.
"At the moment there is no immediate workaround against this type of attack as it is not easy to check what Bits should download and not download," she said.
"Probably the Bits interface should be designed to be accessible only with a higher level of privilege, or the download jobs created with Bits should be restricted to only trusted URLs."
The Downloader Trojan that uses this attack was emailed out in spam messages in Germany at the end of March 2007.
Florio said that it was worth mentioning that the Bits download method is already well-documented in the underground and was posted as an "anti-firewall loader" example on a Russian forum at the end of 2006.
IBM and Technical University of Munich team demonstrate how Shor's algorithm, which can't be cracked by conventional computers, can be solved quickly with quantum computing
Hubble Space Telescope finds superflares from young red dwarfs could strip away planetary atmosphere
Younger stars are 100 to 1,000 times more energetic than when they're older
Two of the big four supermarkets will use the system to control sales of restricted products
PUBG news and updates: November's Update #23 to bring new Skorpion pistol and changes to blue zone visibility
Genuinely useful side-arm coming to PUBG in Update #23