A fresh analysis of the trojan sLoad sheds light on the growing trend of advanced malware living off the land of a targeted system and evading detection. The malware uses the Background Intelligent Transfer Service (BITS) component of Windows as a key piece of its attack methodology. The hallmark of sLoad is its penchant for spying on system information and learning about a target before delivering its payload. sLoad has been seen delivering a variety of payloads, including the Ramnit and Ursnif banking trojans, Gootkit and PsiXBot.
Source: https://threatpost.com/sload-spying-payload-delivery-bits/151120/