Researchers discovered an exploit against Background Intelligent Transfer Service (BITS), a component of Microsoft's Windows 2000 that is used to transfer files asynchronously between a client and a server. The malware authors used the BITS alert to download malware, and then launched the program, according to the Dell SecureWorks research team.
Once the malware's payload was completed, the script deleted itself. The malicious activity continued to persist after the malware had been eliminated.
“The poisoned BITS tasks, which created installation and clean-up scripts after their payloads were downloaded, were self-contained in the BITS job database, with no files or registry modifications to detect on the host,” a SecureWorks blog post stated.