Cyber Security News

An Old Windows OS Component “BITS” Exploited to Evade Windows Firewall

by

An Old Windows OS Component “BITS” Exploited to Evade Windows Firewall

Windows XP, Background Intelligent Transfer Service (BITS) that is still in use today in Windows 10, component of Microsoft Windows, which makes use of idle network bandwidth to facilitate the asynchronous transfer of files between machines. This is achieved by creating a job  a container that includes the files to download or upload.

BITS is commonly used to deliver operating system updates to clients as well as by Windows Defender antivirus scanner to fetch malware signature updates. Besides Microsoft’s own products, the service is also put to use by other applications such as Mozilla Firefox to enable downloads to continue in the background even when the browser is closed.

Malicious BITS jobs can be used to download/execute malware

Prevention: You can disable the “Background Intelligent Transfer Service” (BITS) services if you are not expecting any automatic windows updates.

There’s little reasons for any apps to use BITS instead of easily inspected http(s) transfer.

Disable Background Intelligent Transfer Service via Local Services

Stop Background Intelligent Transfer Service in Windows 10 is to change the startup type of Background Intelligent Transfer Service to “disabled” via Local Services. Now follow the below steps to turn off this service in your computer if you don’t need it.

Step 1. Press the Windows key and the R key at the same time on the keyboard, and then the Run dialog box will open. Type the text of service.msc in the blank and then tap on the OK button to open the Local Service window.

Step 2. Find out Background Intelligent Transfer Service and then double click it to open its properties.

Step 3. Click the down arrow button to expand the startup type menu and change its startup type to Disabled.

Disable Background Intelligent Transfer Service in System Configuration

In addition, you can also choose to stop BITS in Windows 10 from the System Configuration pane. This method is also very easy. Below are the instructions.

Step 1. Type system configuration in the Windows search bar and click the result of System Configuration.

Step 2. Go to the tab of Services, look for the Background Intelligent Transfer Service and uncheck the box next to it. Then click the button Apply and OK to save the settings.

Step 3. Restart your computer to make the changes take effect.

 

If you need assistance with this contact me.

Read The Full Article Here

Source: The Hacker News