Microsoft's Windows Update has a component called Background Intelligent Transfer Service (BITS) that downloads updates while you're busy doing other things with your computer. If you get disconnected, the update will pick up where it left off when you get back on the network.

Sounds great, right? Well, generally it is. But since BITS is part of your operating system, your firewall doesn't really check to see what it's downloading. And while there is pretty much no risk of automatically downloading a virus or trojan through Windows Update under normal circumstances, hackers are starting to use BITS to download code to computers that have already been affected.

Say you click that file attachment in an email from an unknown source, expecting to see compromising photos of a young starlet. Turns out there's no photo, so you shrug and move on. Next thing you know, you're computer's trying to download all sorts of files to capture your passwords. Normally your firewall would help protect your computer from such attacks, but since BITS can fly under the radar, you may be out of luck.

According to a Symantec researcher there's no way to prevent hackers from using BITS right now, but Microsoft could redesign BITS to require a higher user level in order to work. Or Microsoft could only allow BITS to download files from trusted sources.