Microsoft BITS (“Background Intelligent Transfer Service”) is a tool present in all modern Microsoft Windows operating systems. As the name says, you can see it as a “curl” or “wget” tool for Windows. It helps to transfer files between a server and a client but it also has plenty of interesting features. Such a tool, being always available, is priceless for attackers. They started to use BITS to grab malicious contents from the Internet. In May 2016, I wrote a diary about a piece of malware that already used BITS. But the tool has many more interesting features (for the good as well the bad guys) like executing a command once the download completed, it can also control the bandwidth used (to remain stealthy).