Physician, heal thyself…

 In ITC's Threat of the Week

In a slightly whimsical edition this week, we will be looking into some instances where security-focused best intentions are having rather ironic outcomes.

In our first piece we will look to the mighty propeller heads at Dell SecureWorks, who have discovered that Microsoft’s BITS can be used to deliver malware. The irony here is that BITS (Background Intelligent Transfer Service) is the very vehicle used to distribute patches and anti-malware updates across the Redmond Range. Worryingly, Dell identified that the naughty code used BITS to tidy up after itself – verifying the download, checking it was launched and then deleting itself on completion. Sneaky, eh? The sound advice is that if ‘patched’ devices are still causing lots of alerts, check for poisoned BITS tasks. Read more here.
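One way to act on the "check for poisoned BITS tasks" advice, as an added example (not from the original post or from Dell SecureWorks): a Python triage of saved `bitsadmin /list /allusers /verbose` output that flags jobs carrying a notification command or fetching from a host outside an allow-list. The sample text is constructed and abbreviated; `ALLOWED_HOSTS`, the function names and the assumed field layout should be checked against your own hosts' output.

```python
import re
from urllib.parse import urlsplit
# Constructed, abbreviated sample in the layout of
# `bitsadmin /list /allusers /verbose`; GUIDs, hosts and paths are made up.
SAMPLE = r"""
GUID: {11111111-1111-1111-1111-111111111111} DISPLAY: 'Update check'
TYPE: DOWNLOAD STATE: TRANSFERRED OWNER: NT AUTHORITY\SYSTEM
JOB FILES:
    1024 / 1024 WORKING http://updates.example.com/a.cab -> C:\Windows\Temp\a.cab
NOTIFICATION COMMAND LINE: none

GUID: {22222222-2222-2222-2222-222222222222} DISPLAY: 'System Update'
TYPE: DOWNLOAD STATE: ERROR OWNER: NT AUTHORITY\SYSTEM
JOB FILES:
    0 / UNKNOWN WORKING http://files.example.net/x.dat -> C:\ProgramData\x.dat
NOTIFICATION COMMAND LINE: 'C:\ProgramData\helper.exe' '-run'
"""

ALLOWED_HOSTS = {"updates.example.com"}  # assumption: hosts you expect BITS to use

def parse_jobs(text):
    # Split the verbose listing into one dict per job.
    jobs, job = [], None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"GUID: (\{[^}]+\}) DISPLAY: '(.*)'$", line):
            job = {"guid": m[1], "display": m[2], "urls": [], "notify": None}
            jobs.append(job)
        elif job is None:
            continue  # ignore any banner text before the first job
        elif line.startswith("NOTIFICATION COMMAND LINE:"):
            value = line.split(":", 1)[1].strip()
            job["notify"] = None if value.lower() == "none" else value
        elif m := re.search(r"(\w+://\S+) -> ", line):
            job["urls"].append(m[1])
    return jobs

def triage(text):
    # Return {job GUID: [reasons]} for jobs that deserve a closer look.
    findings = {}
    for job in parse_jobs(text):
        reasons = []
        if job["notify"]:  # a program BITS will launch when the job finishes or fails
            reasons.append("notification command: " + job["notify"])
        for url in job["urls"]:
            host = urlsplit(url).hostname
            if host not in ALLOWED_HOSTS:
                reasons.append(f"unexpected source host: {host}")
        if reasons:
            findings[job["guid"]] = reasons
    return findings
```

Run `triage()` over output collected from each alerting host; legitimate update jobs normally have no notification command, so any hit there is worth tracing back to the job's owner and creation time.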

You may recall the alert raised last week by Switchzilla (copyright El Reg!) relating to an IPv6 neighbour packet discovery bug, which is emerging as a new Ping of Death issue. Well, Gin-based packet movers Juniper have announced that they have the same issue in their Junos OS. The second serving of irony here is that this issue in Junos could well trigger internal DDoS defenses, likely to drop both good and bad network neighbours. Both Juniper and Cisco have published advisories with either workarounds or new code (Juniper).

As ever, we advocate using robust monitoring & correlation combined with vulnerability management capabilities to help understand what is going on in your network so you can rapidly identify issues and fix them. If you would like to talk about clever ways of doing that, or anything raised in this post, please ping us an email at enquiries@itcsecure.com or call us on 020 7517 3900.

Author: Kevin Whelan
