within Windows Update can be used to piggyback malware into a computer. According to Symantec, Windows Update uses a service called the Background Intelligent Transfer Service, or BITS to download updates from Microsoft's servers.
The service uses COM application programming interface (API) for programmers, and according to Elia Florio of the Symantec Security Response Weblog
, hackers have started to take advantage of it.Because BITS is part of the operating system it is trusted and bypasses any firewalls.
Symantec has known about the BITS exploit since it was first discussed on a Russian message board at the end of 2006, the company did not see the technique being used in the wild until March of this year.