It seems there is always another way for attackers to sneak into your computer system. Presently some underhanded parties are abusing the Windows Background Intelligent Transfer System (BITS). After computer owners have their devices cleaned up with anti-virus software the BITS system is being misused to re-infect the machine.
BITS was created to transfer files when there was bandwidth available. The operator and computer continue to use the computer as normal; the BITS operates in the background to transfer information when the system is not too busy. There is a queue of jobs in BITS, with each job being given a certain amount of transfer time in succession. Each job in the queue has some of its data transferred, and leaves the queue when all its data is transferred.
Attackers and their malware are putting rogue jobs on the BITS. These rogue jobs would cause the computer to download malware that would then re-infect the device. Even after the computer was cleaned with an anti-virus programme the malware would soon reappear. The malware included a command that causes the BITS to keep downloading the malware and reinfect the system no matter how many times the malware was removed. Computer owners are understandable frustrated.
Computer windows event logs do list these malicious malware transfers, but the details are limited and the problem is often goes unnoticed. Another reason why the problems goes unnoticed is that BITS is considered a trusted service and not subject to the computer’s firewall. Owners find the malware keeps reappearing, and cannot understand why.
Repair specialist will have to find way to deal with computers that have malware tasks on their Background Information Transfer Systems. Clearing all the BITS jobs would be one way; hopefully there is nothing that needed to be transferred, but at least this will not affect the files already on the system. At worse, BITS jobs expire after 90 days, meaning a cleaned up computer offline for this long will stop longer download malware. Of course, going offline for so long is impractical. We need software to deal with this new backdoor to our computer systems.
At the first sign of problems have your computer checked by professionals. Even the latest anti-virus software may not protect against re-infection through the BITS.