Guru3D.com

Hackers Hijacked ASUS Software Updates and Installed Backdoors on Many PC's and Laptops

by Hilbert Hagedoorn on: 03/25/2019 05:42 PM | source: motherboard.vice.com | 26 comment(s)

Asus Live Update software installed on laptops and PCs from the Taiwanese manufacturer contained a backdoor between June and November 2018. This allowed attackers to install malware on specific systems. The malware was targeted at specific MAC addresses.

Kaspersky discovered the presence of the backdoor in January and informed Asus at the end of that month. According to security researchers, the update software was infected with a backdoor from June up to November 2018. Kaspersky has named this attack 'ShadowHammer' and has put a tool online for users to check whether their Asus laptop contains the backdoor.

They also created a page on which users can verify whether their MAC address is included on the list of targets. ASUS is believed to have pushed this malware to hundreds of thousands of customers through its trusted automatic software update tool after attackers compromised the company's server and used it to push the malware to machines. From the report posted at motherboard.vice.com:

Researchers at cybersecurity firm Kaspersky Lab say that ASUS, one of the world's largest computer makers, was used to unwittingly install a malicious backdoor on thousands of its customers' computers last year after attackers compromised a server for the company's live software update tool. The malicious file was signed with legitimate ASUS digital certificates to make it appear to be an authentic software update from the company, Kaspersky Lab says. ASUS, a multi-billion dollar computer hardware company based in Taiwan that manufactures desktop computers, laptops, mobile phones, smart home systems, and other electronics, was pushing the backdoor to customers for at least five months last year before it was discovered, according to new research from the Moscow-based security firm.

The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems. The malware searched for targeted systems through their unique MAC addresses. Once on a system, if it found one of these targeted addresses, the malware reached out to a command-and-control server the attackers operated, which then installed additional malware on those machines. Kaspersky Lab said it uncovered the attack in January after adding a new supply-chain detection technology to its scanning tool to catch anomalous code fragments hidden in legitimate code or catch code that is hijacking normal operations on a machine. The company plans to release a full technical paper and presentation about the ASUS attack, which it has dubbed ShadowHammer, next month at its Security Analyst Summit in Singapore.









ruthan
Senior Member



Posts: 565
Joined: 2016-05-24

#5654098 Posted on: 03/26/2019 12:29 AM
It is not good for Antivirus companies either, 5 months without detection..

airbud7
Senior Member



Posts: 7835
Joined: 2011-07-20

#5654102 Posted on: 03/26/2019 12:40 AM
It is not good for Antivirus companies either, 5 months without detection..

that's what I was thinking too

Deleted member 213629
Unregistered



#5654164 Posted on: 03/26/2019 06:46 AM
Thank god I'm not procuring my ASUStek with ASUS LiveUpdate.... AISuite etc

Someone's getting fired, someone's getting sued... someone likely violated GDPR...

Petr V
Senior Member



Posts: 357
Joined: 2018-08-04

#5654204 Posted on: 03/26/2019 10:16 AM
Only Asus software updates?

BetA
Senior Member



Posts: 4412
Joined: 2008-03-03

#5654317 Posted on: 03/26/2019 04:17 PM
UPDATE:


ASUS response to the recent media reports regarding ASUS Live Update tool attack by Advanced Persistent Threat (APT) groups


2019/03/26
Advanced Persistent Threat (APT) attacks are national-level attacks usually initiated by a couple of specific countries, targeting certain international organizations or entities instead of consumers.
ASUS Live Update is a proprietary tool supplied with ASUS notebook computers to ensure that the system always benefits from the latest drivers and firmware from ASUS. A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user group. ASUS customer service has been reaching out to affected users and providing assistance to ensure that the security risks are removed.
ASUS has also implemented a fix in the latest version (ver. 3.6.8) of the Live Update software, introduced multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means, and implemented an enhanced end-to-end encryption mechanism. At the same time, we have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future.
Additionally, we have created an online security diagnostic tool to check for affected systems, and we encourage users who are still concerned to run it as a precaution. The tool can be found here: https://dlcdnets.asus.com/pub/ASUS/nb/Apps-for-Win10/ASUSDiagnosticTool/ASDT-v1.0.1.0.zip
Users who have any additional concerns are welcome to contact ASUS Customer Service.
More information about APT groups: https://www.fireeye.com/current-threats/apt-groups.html


How do I know whether or not my device has been targeted by the malware attack?
Only a very small number of specific user groups were found to have been targeted by this attack and as such it is extremely unlikely that your device has been targeted. However, if you are still concerned about this matter, feel free to use ASUS’ security diagnostic tool or contact ASUS Customer Service for assistance.


What should I do if my device is affected?
Immediately run a backup of your files and restore your operating system to factory settings. This will completely remove the malware from your computer. In order to ensure the security of your information, ASUS recommends that you regularly update your passwords.


How do I make sure that I have the latest version of ASUS Live Update?
You can find out whether or not you have the latest version of ASUS Live Update by following the instructions shown in the link below:
https://www.asus.com/support/FAQ/1018727/


Have other ASUS devices been affected by the malware attack?
No, only the version of Live Update used for notebooks has been affected. All other devices remain unaffected.



https://www.asus.com/News/hqfgVUyZ6uyAyJe1


Here's the DIAGNOSIS TOOL from ASUS:
https://dlcdnets.asus.com/pub/ASUS/nb/Apps-for-Win10/ASUSDiagnosticTool/ASDT-v1.0.1.0.zip


cheers
