Sapphire Pulse Radeon RX 5600 XT OC review
ASUS STRIX Radeon RX 5600 XT TOP review
Gigabyte Radeon RX 5600 XT Gaming OC review
Arctic Liquid Freezer II 280 liquid cooler review
Promo: Windows 10 Pro licenses for under 10 USD
Team Group MP33 NVMe 512 GB SSD Review
ADATA SE800 1TB Portable SSD review
Promo: Microsoft Office 2016 for $29.82
Corsair H100i RGB Pro XT liquid cooler review
Corsair K95 RGB PLATINUM XT review
Hackers Hijacked ASUS Software Updates and Installed Backdoors on Many PC's and Laptops
Asus Live Update software installed on laptops and PCs from the Taiwanese manufacturer contained a backdoor between June and November 2018. Malicious folks this way could install malware on specific systems. The malware was targeted at specific mac addresses though?
Kaspersky discovered the presence of the backdoor in January and informed Asus at the end of that month. According to security researchers, the update software was infected with a backdoor in the timeframe of June up-to November 2018. Kaspersky has named this attack 'ShadowHammer' and has put a tool online for users to check whether their Asus laptop contains the backdoor.
They also created a page on which users can verify if their mac address is included on the list of targets. ASUS is believed to have pushed this malware to hundreds of thousands of customers through its trusted automatic software update tool after attackers compromised the company's server and used it to push the malware to machines. From the report posted at motherboard.vice.com:
Researchers at cybersecurity firm Kaspersky Lab say that ASUS, one of the world's largest computer makers, was used to unwittingly to install a malicious backdoor on thousands of its customers' computers last year after attackers compromised a server for the company's live software update tool. The malicious file was signed with legitimate ASUS digital certificates to make it appear to be an authentic software update from the company, Kaspersky Lab says. ASUS, a multi-billion dollar computer hardware company based in Taiwan that manufactures desktop computers, laptops, mobile phones, smart home systems, and other electronics, was pushing the backdoor to customers for at least five months last year before it was discovered, according to new research from the Moscow-based security firm.
The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems. The malware searched for targeted systems through their unique MAC addresses. Once on a system, if it found one of these targeted addresses, the malware reached out to a command-and-control server the attackers operated, which then installed additional malware on those machines. Kaspersky Lab said it uncovered the attack in January after adding a new supply-chain detection technology to its scanning tool to catch anomalous code fragments hidden in legitimate code or catch code that is hijacking normal operations on a machine. The company plans to release a full technical paper and presentation about the ASUS attack, which it has dubbed ShadowHammer, next month at its Security Analyst Summit in Singapore.
fantaskarsef
Senior Member
Posts: 11136
Joined: 2014-07-21
Senior Member
Posts: 11136
Joined: 2014-07-21
#5653970 Posted on: 03/25/2019 04:45 PM
Never use such a software by principle myself, but I'm fairly sure there's a lot of people doing it. Also, from the linked article:
Never use such a software by principle myself, but I'm fairly sure there's a lot of people doing it. Also, from the linked article:
“They were not trying to target as many users as possible,” said Kamluk. “They wanted to get into very specific targets and they already knew in advance their network card MAC address, which is quite interesting.”
BlackZero
Senior Member
Posts: 8880
Joined: 2007-06-17
Senior Member
Posts: 8880
Joined: 2007-06-17
#5653975 Posted on: 03/25/2019 04:53 PM
Espionage, I hear.
:p 
Espionage, I hear.
:p
fantaskarsef
Senior Member
Posts: 11136
Joined: 2014-07-21
Senior Member
Posts: 11136
Joined: 2014-07-21
#5653977 Posted on: 03/25/2019 04:56 PM
In the article, at one point they hint at the hackers behind this might be connected to Stuxnet etc., so they're not after stealing credit cards
Espionage, I hear. :p
:p In the article, at one point they hint at the hackers behind this might be connected to Stuxnet etc., so they're not after stealing credit cards
schmidtbag
Senior Member
Posts: 4632
Joined: 2012-11-10
Senior Member
Posts: 4632
Joined: 2012-11-10
#5653978 Posted on: 03/25/2019 04:56 PM
Stuff like this is why I always prefer to do a complete fresh OS install whenever I get a new PC. Pre-built PCs come with so much useless, bloated, and insecure crap that nobody asked for.
Stuff like this is why I always prefer to do a complete fresh OS install whenever I get a new PC. Pre-built PCs come with so much useless, bloated, and insecure crap that nobody asked for.
tsunami231
Senior Member
Posts: 9859
Joined: 2003-05-24
Senior Member
Posts: 9859
Joined: 2003-05-24
#5653981 Posted on: 03/25/2019 05:00 PM
source:
https://motherboard.vice.com/en-us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-backdoors-on-thousands-of-computers
i dont even install there "software" I dont even use Asus Firmware on my AC66U.
Any any PC i ever bought that was "prebuilt" by any company that make PC is isntantly Debloated or even clean installed of windows
Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers
source:
https://motherboard.vice.com/en-us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-backdoors-on-thousands-of-computers
i dont even install there "software" I dont even use Asus Firmware on my AC66U.
Any any PC i ever bought that was "prebuilt" by any company that make PC is isntantly Debloated or even clean installed of windows
HeavyHemi
Senior Member
Posts: 6388
Joined: 2008-10-27
Senior Member
Posts: 6388
Joined: 2008-10-27
#5653982 Posted on: 03/25/2019 05:00 PM
Wait a minute....
'But the US-based security firm Symantec confirmed the Kaspersky findings on Friday after being asked by Motherboard to see if any of its customers also received the malicious download. The company is still investigating the matter but said in a phone call that at least 13,000 computers belonging to Symantec customers were infected with the malicious software update from ASUS last year.
So Symantec is saying they MISSED this or they caught it and did not report a compromised server(s) to ASUS?
Wait a minute....
'But the US-based security firm Symantec confirmed the Kaspersky findings on Friday after being asked by Motherboard to see if any of its customers also received the malicious download. The company is still investigating the matter but said in a phone call that at least 13,000 computers belonging to Symantec customers were infected with the malicious software update from ASUS last year.
So Symantec is saying they MISSED this or they caught it and did not report a compromised server(s) to ASUS?
HeavyHemi
Senior Member
Posts: 6388
Joined: 2008-10-27
Senior Member
Posts: 6388
Joined: 2008-10-27
#5653985 Posted on: 03/25/2019 05:05 PM
How would that help you when the issue came from ASUS or the maker? The analog would be if your NIC driver or motherboard drivers were infected when you naturally update those from doing a base OS install. Or do you just run with the basic generic drivers?
Stuff like this is why I always prefer to do a complete fresh OS install whenever I get a new PC. Pre-built PCs come with so much useless, bloated, and insecure crap that nobody asked for.
How would that help you when the issue came from ASUS or the maker? The analog would be if your NIC driver or motherboard drivers were infected when you naturally update those from doing a base OS install. Or do you just run with the basic generic drivers?
schmidtbag
Senior Member
Posts: 4632
Joined: 2012-11-10
Senior Member
Posts: 4632
Joined: 2012-11-10
#5653991 Posted on: 03/25/2019 05:18 PM
I avoid OEM drivers wherever possible too. They too are really bloated and poorly maintained. If a non-GPU (and in some cases, non-audio driver) ends up being more than 5MB, I'm not installing it. My priority for drivers goes:
1. Windows built-in drivers (where available, and only for "simple" devices like NICs or SATA controllers).
2. The chipset manufacturer's drivers.
3. OEM-supplied drivers.
I'll sometimes use the OEM drivers if I'm having a hard time getting the first 2 to work, or, if I don't know what the chipset is and don't feel like finding out; Windows is such a PITA to find such things. I don't know why it doesn't let you probe all PCI and USB devices for their chipset like every other modern OS does so easily out-of-the-box.
How would that help you when the issue came from ASUS or the maker? The analog would be if your NIC driver or motherboard drivers were infected when you naturally update those from doing a base OS install. Or do you just run with the basic generic drivers?
I avoid OEM drivers wherever possible too. They too are really bloated and poorly maintained. If a non-GPU (and in some cases, non-audio driver) ends up being more than 5MB, I'm not installing it. My priority for drivers goes:
1. Windows built-in drivers (where available, and only for "simple" devices like NICs or SATA controllers).
2. The chipset manufacturer's drivers.
3. OEM-supplied drivers.
I'll sometimes use the OEM drivers if I'm having a hard time getting the first 2 to work, or, if I don't know what the chipset is and don't feel like finding out; Windows is such a PITA to find such things. I don't know why it doesn't let you probe all PCI and USB devices for their chipset like every other modern OS does so easily out-of-the-box.
D3M1G0D
Senior Member
Posts: 2042
Joined: 2017-03-10
Senior Member
Posts: 2042
Joined: 2017-03-10
#5654022 Posted on: 03/25/2019 07:26 PM
Figures. I buy an ASUS motherboard after having used MSI for the longest thing, and then this happens. I'm pretty sure I didn't install any automatic update software but I'll need to double-check when I get home. Very disappointing.
Figures. I buy an ASUS motherboard after having used MSI for the longest thing, and then this happens. I'm pretty sure I didn't install any automatic update software but I'll need to double-check when I get home. Very disappointing.
ruthan
Senior Member
Posts: 274
Joined: 2016-05-24
Senior Member
Posts: 274
Joined: 2016-05-24
#5654098 Posted on: 03/25/2019 11:29 PM
It is not good for Antivirus companies neither, 5 months without detection..
It is not good for Antivirus companies neither, 5 months without detection..
airbud7
Senior Member
Posts: 7657
Joined: 2011-07-20
Senior Member
Posts: 7657
Joined: 2011-07-20
#5654102 Posted on: 03/25/2019 11:40 PM
that's what I was thinking too
It is not good for Antivirus companies neither, 5 months without detection..
that's what I was thinking too
K.S.
Senior Member
Posts: 2053
Joined: 2009-06-07
Senior Member
Posts: 2053
Joined: 2009-06-07
#5654164 Posted on: 03/26/2019 05:46 AM
Thank god I'm not procuring my ASUStek with ASUS LiveUpdate.... AISuite etc
Someone's getting fired, someone's getting sued... someone likely violated GDRP...
Thank god I'm not procuring my ASUStek with ASUS LiveUpdate.... AISuite etc
Someone's getting fired, someone's getting sued... someone likely violated GDRP...
Petr V
Senior Member
Posts: 281
Joined: 2018-08-04
Senior Member
Posts: 281
Joined: 2018-08-04
#5654204 Posted on: 03/26/2019 09:16 AM
Only Asus software updates?
Only Asus software updates?
BetA
Senior Member
Posts: 4197
Joined: 2008-03-03
Senior Member
Posts: 4197
Joined: 2008-03-03
#5654317 Posted on: 03/26/2019 03:17 PM
UPDATE::
2019/03/26
ASUS response to the recent media reports regarding ASUS Live Update tool attack by Advanced Persistent Threat (APT) groups
Advanced Persistent Threat (APT) attacks are national-level attacks usually initiated by a couple of specific countries, targeting certain international organizations or entities instead of consumers.
ASUS Live Update is a proprietary tool supplied with ASUS notebook computers to ensure that the system always benefits from the latest drivers and firmware from ASUS. A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user group. ASUS customer service has been reaching out to affected users and providing assistance to ensure that the security risks are removed.
ASUS has also implemented a fix in the latest version (ver. 3.6.8) of the Live Update software, introduced multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means, and implemented an enhanced end-to-end encryption mechanism. At the same time, we have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future.
Additionally, we have created an online security diagnostic tool to check for affected systems, and we encourage users who are still concerned to run it as a precaution. The tool can be found here: https://dlcdnets.asus.com/pub/ASUS/nb/Apps-for-Win10/ASUSDiagnosticTool/ASDT-v1.0.1.0.zip
Users who have any additional concerns are welcome to contact ASUS Customer Service.
More information about APT groups: https://www.fireeye.com/current-threats/apt-groups.html
How do I know whether or not my device has been targeted by the malware attack?
Only a very small number of specific user group were found to have been targeted by this attack and as such it is extremely unlikely that your device has been targeted. However, if you are still concerned about this matter, feel free to use ASUS’ security diagnostic tool or contact ASUS Customer Service for assistance.
What should I do if my device is affected?
Immediately run a backup of your files and restore your operating system to factory settings. This will completely remove the malware from your computer. In order to ensure the security of your information, ASUS recommends that you regularly update your passwords.
How do I make sure that I have the latest version of ASUS Live Update?
You can find out whether or not you have the latest version of ASUS Live Update by following the instructions shown in the link below:
https://www.asus.com/support/FAQ/1018727/
Have other ASUS devices been affected by the malware attack?
No, only the version of Live Update used for notebooks has been affected. All other devices remain unaffected.
https://www.asus.com/News/hqfgVUyZ6uyAyJe1
heres the DIAGNOSIS TOOL from asus:
https://dlcdnets.asus.com/pub/ASUS/nb/Apps-for-Win10/ASUSDiagnosticTool/ASDT-v1.0.1.0.zip
cheers
UPDATE::
ASUS response to the recent media reports regarding ASUS Live Update tool attack by Advanced Persistent Threat (APT) groups
2019/03/26
ASUS response to the recent media reports regarding ASUS Live Update tool attack by Advanced Persistent Threat (APT) groups
Advanced Persistent Threat (APT) attacks are national-level attacks usually initiated by a couple of specific countries, targeting certain international organizations or entities instead of consumers.
ASUS Live Update is a proprietary tool supplied with ASUS notebook computers to ensure that the system always benefits from the latest drivers and firmware from ASUS. A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user group. ASUS customer service has been reaching out to affected users and providing assistance to ensure that the security risks are removed.
ASUS has also implemented a fix in the latest version (ver. 3.6.8) of the Live Update software, introduced multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means, and implemented an enhanced end-to-end encryption mechanism. At the same time, we have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future.
Additionally, we have created an online security diagnostic tool to check for affected systems, and we encourage users who are still concerned to run it as a precaution. The tool can be found here: https://dlcdnets.asus.com/pub/ASUS/nb/Apps-for-Win10/ASUSDiagnosticTool/ASDT-v1.0.1.0.zip
Users who have any additional concerns are welcome to contact ASUS Customer Service.
More information about APT groups: https://www.fireeye.com/current-threats/apt-groups.html
How do I know whether or not my device has been targeted by the malware attack?
Only a very small number of specific user group were found to have been targeted by this attack and as such it is extremely unlikely that your device has been targeted. However, if you are still concerned about this matter, feel free to use ASUS’ security diagnostic tool or contact ASUS Customer Service for assistance.
What should I do if my device is affected?
Immediately run a backup of your files and restore your operating system to factory settings. This will completely remove the malware from your computer. In order to ensure the security of your information, ASUS recommends that you regularly update your passwords.
How do I make sure that I have the latest version of ASUS Live Update?
You can find out whether or not you have the latest version of ASUS Live Update by following the instructions shown in the link below:
https://www.asus.com/support/FAQ/1018727/
Have other ASUS devices been affected by the malware attack?
No, only the version of Live Update used for notebooks has been affected. All other devices remain unaffected.
https://www.asus.com/News/hqfgVUyZ6uyAyJe1
heres the DIAGNOSIS TOOL from asus:
https://dlcdnets.asus.com/pub/ASUS/nb/Apps-for-Win10/ASUSDiagnosticTool/ASDT-v1.0.1.0.zip
cheers
Click here to post a comment for this news story on the message forum.
Senior Member
Posts: 570
Joined: 2004-09-20
Nice....never trusted their software anyway, always something was wrong with installer on my z97