Corsair M55 RGB PRO gaming mouse review
Promo: Windows 10 Pro for $13 With Office 2016 For $33
Lexar NM600 NVMe M.2. SSD (480GB) review
Tech preview: Radeon RX 5700 and 5700 XT
Tech preview: AMD Ryzen 3000 - 7nm ZEN2
Patriot Viper VPN100 M2 NVMe 512 GB SSD Review
Samsung 970 EVO Plus 2TB NVMe M.2. SSD review
Guru3D Rig of the Month - May 2019
Promo: URCDKey Summer Sale Windows 10 Pro for $11
DeepCool Matrexx 70 Chassis review
Hackers Hijacked ASUS Software Updates and Installed Backdoors on Many PC's and Laptops
Asus Live Update software installed on laptops and PCs from the Taiwanese manufacturer contained a backdoor between June and November 2018. Malicious folks this way could install malware on specific systems. The malware was targeted at specific mac addresses though?
Kaspersky discovered the presence of the backdoor in January and informed Asus at the end of that month. According to security researchers, the update software was infected with a backdoor in the timeframe of June up-to November 2018. Kaspersky has named this attack 'ShadowHammer' and has put a tool online for users to check whether their Asus laptop contains the backdoor.
They also created a page on which users can verify if their mac address is included on the list of targets. ASUS is believed to have pushed this malware to hundreds of thousands of customers through its trusted automatic software update tool after attackers compromised the company's server and used it to push the malware to machines. From the report posted at motherboard.vice.com:
Researchers at cybersecurity firm Kaspersky Lab say that ASUS, one of the world's largest computer makers, was used to unwittingly to install a malicious backdoor on thousands of its customers' computers last year after attackers compromised a server for the company's live software update tool. The malicious file was signed with legitimate ASUS digital certificates to make it appear to be an authentic software update from the company, Kaspersky Lab says. ASUS, a multi-billion dollar computer hardware company based in Taiwan that manufactures desktop computers, laptops, mobile phones, smart home systems, and other electronics, was pushing the backdoor to customers for at least five months last year before it was discovered, according to new research from the Moscow-based security firm.
The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems. The malware searched for targeted systems through their unique MAC addresses. Once on a system, if it found one of these targeted addresses, the malware reached out to a command-and-control server the attackers operated, which then installed additional malware on those machines. Kaspersky Lab said it uncovered the attack in January after adding a new supply-chain detection technology to its scanning tool to catch anomalous code fragments hidden in legitimate code or catch code that is hijacking normal operations on a machine. The company plans to release a full technical paper and presentation about the ASUS attack, which it has dubbed ShadowHammer, next month at its Security Analyst Summit in Singapore.
fantaskarsef
Senior Member
Posts: 10340
Joined: 2014-07-21
Senior Member
Posts: 10340
Joined: 2014-07-21
#5653970 Posted on: 03/25/2019 05:45 PM
Never use such a software by principle myself, but I'm fairly sure there's a lot of people doing it. Also, from the linked article:
Never use such a software by principle myself, but I'm fairly sure there's a lot of people doing it. Also, from the linked article:
“They were not trying to target as many users as possible,” said Kamluk. “They wanted to get into very specific targets and they already knew in advance their network card MAC address, which is quite interesting.”
BlackZero
Senior Member
Posts: 8861
Joined: 2007-06-17
Senior Member
Posts: 8861
Joined: 2007-06-17
#5653975 Posted on: 03/25/2019 05:53 PM
Espionage, I hear.
:p 
Espionage, I hear.
:p
fantaskarsef
Senior Member
Posts: 10340
Joined: 2014-07-21
Senior Member
Posts: 10340
Joined: 2014-07-21
#5653977 Posted on: 03/25/2019 05:56 PM
In the article, at one point they hint at the hackers behind this might be connected to Stuxnet etc., so they're not after stealing credit cards
Espionage, I hear. :p
:p In the article, at one point they hint at the hackers behind this might be connected to Stuxnet etc., so they're not after stealing credit cards
schmidtbag
Senior Member
Posts: 4003
Joined: 2012-11-10
Senior Member
Posts: 4003
Joined: 2012-11-10
#5653978 Posted on: 03/25/2019 05:56 PM
Stuff like this is why I always prefer to do a complete fresh OS install whenever I get a new PC. Pre-built PCs come with so much useless, bloated, and insecure crap that nobody asked for.
Stuff like this is why I always prefer to do a complete fresh OS install whenever I get a new PC. Pre-built PCs come with so much useless, bloated, and insecure crap that nobody asked for.
tsunami231
Senior Member
Posts: 9290
Joined: 2003-05-24
Senior Member
Posts: 9290
Joined: 2003-05-24
#5653981 Posted on: 03/25/2019 06:00 PM
source:
https://motherboard.vice.com/en-us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-backdoors-on-thousands-of-computers
i dont even install there "software" I dont even use Asus Firmware on my AC66U.
Any any PC i ever bought that was "prebuilt" by any company that make PC is isntantly Debloated or even clean installed of windows
Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers
source:
https://motherboard.vice.com/en-us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-backdoors-on-thousands-of-computers
i dont even install there "software" I dont even use Asus Firmware on my AC66U.
Any any PC i ever bought that was "prebuilt" by any company that make PC is isntantly Debloated or even clean installed of windows
HeavyHemi
Senior Member
Posts: 6140
Joined: 2008-10-27
Senior Member
Posts: 6140
Joined: 2008-10-27
#5653982 Posted on: 03/25/2019 06:00 PM
Wait a minute....
'But the US-based security firm Symantec confirmed the Kaspersky findings on Friday after being asked by Motherboard to see if any of its customers also received the malicious download. The company is still investigating the matter but said in a phone call that at least 13,000 computers belonging to Symantec customers were infected with the malicious software update from ASUS last year.
So Symantec is saying they MISSED this or they caught it and did not report a compromised server(s) to ASUS?
Wait a minute....
'But the US-based security firm Symantec confirmed the Kaspersky findings on Friday after being asked by Motherboard to see if any of its customers also received the malicious download. The company is still investigating the matter but said in a phone call that at least 13,000 computers belonging to Symantec customers were infected with the malicious software update from ASUS last year.
So Symantec is saying they MISSED this or they caught it and did not report a compromised server(s) to ASUS?
HeavyHemi
Senior Member
Posts: 6140
Joined: 2008-10-27
Senior Member
Posts: 6140
Joined: 2008-10-27
#5653985 Posted on: 03/25/2019 06:05 PM
How would that help you when the issue came from ASUS or the maker? The analog would be if your NIC driver or motherboard drivers were infected when you naturally update those from doing a base OS install. Or do you just run with the basic generic drivers?
Stuff like this is why I always prefer to do a complete fresh OS install whenever I get a new PC. Pre-built PCs come with so much useless, bloated, and insecure crap that nobody asked for.
How would that help you when the issue came from ASUS or the maker? The analog would be if your NIC driver or motherboard drivers were infected when you naturally update those from doing a base OS install. Or do you just run with the basic generic drivers?
schmidtbag
Senior Member
Posts: 4003
Joined: 2012-11-10
Senior Member
Posts: 4003
Joined: 2012-11-10
#5653991 Posted on: 03/25/2019 06:18 PM
I avoid OEM drivers wherever possible too. They too are really bloated and poorly maintained. If a non-GPU (and in some cases, non-audio driver) ends up being more than 5MB, I'm not installing it. My priority for drivers goes:
1. Windows built-in drivers (where available, and only for "simple" devices like NICs or SATA controllers).
2. The chipset manufacturer's drivers.
3. OEM-supplied drivers.
I'll sometimes use the OEM drivers if I'm having a hard time getting the first 2 to work, or, if I don't know what the chipset is and don't feel like finding out; Windows is such a PITA to find such things. I don't know why it doesn't let you probe all PCI and USB devices for their chipset like every other modern OS does so easily out-of-the-box.
How would that help you when the issue came from ASUS or the maker? The analog would be if your NIC driver or motherboard drivers were infected when you naturally update those from doing a base OS install. Or do you just run with the basic generic drivers?
I avoid OEM drivers wherever possible too. They too are really bloated and poorly maintained. If a non-GPU (and in some cases, non-audio driver) ends up being more than 5MB, I'm not installing it. My priority for drivers goes:
1. Windows built-in drivers (where available, and only for "simple" devices like NICs or SATA controllers).
2. The chipset manufacturer's drivers.
3. OEM-supplied drivers.
I'll sometimes use the OEM drivers if I'm having a hard time getting the first 2 to work, or, if I don't know what the chipset is and don't feel like finding out; Windows is such a PITA to find such things. I don't know why it doesn't let you probe all PCI and USB devices for their chipset like every other modern OS does so easily out-of-the-box.
D3M1G0D
Senior Member
Posts: 1672
Joined: 2017-03-10
Senior Member
Posts: 1672
Joined: 2017-03-10
#5654022 Posted on: 03/25/2019 08:26 PM
Figures. I buy an ASUS motherboard after having used MSI for the longest thing, and then this happens. I'm pretty sure I didn't install any automatic update software but I'll need to double-check when I get home. Very disappointing.
Figures. I buy an ASUS motherboard after having used MSI for the longest thing, and then this happens. I'm pretty sure I didn't install any automatic update software but I'll need to double-check when I get home. Very disappointing.
ruthan
Senior Member
Posts: 231
Joined: 2016-05-24
Senior Member
Posts: 231
Joined: 2016-05-24
#5654098 Posted on: 03/26/2019 12:29 AM
It is not good for Antivirus companies neither, 5 months without detection..
It is not good for Antivirus companies neither, 5 months without detection..
airbud7
Senior Member
Posts: 6876
Joined: 2011-07-20
Senior Member
Posts: 6876
Joined: 2011-07-20
#5654102 Posted on: 03/26/2019 12:40 AM
that's what I was thinking too
It is not good for Antivirus companies neither, 5 months without detection..
that's what I was thinking too
K.S.
Senior Member
Posts: 1285
Joined: 2009-06-07
Senior Member
Posts: 1285
Joined: 2009-06-07
#5654164 Posted on: 03/26/2019 06:46 AM
Thank god I'm not procuring my ASUStek with ASUS LiveUpdate.... AISuite etc
Someone's getting fired, someone's getting sued... someone likely violated GDRP...
Thank god I'm not procuring my ASUStek with ASUS LiveUpdate.... AISuite etc
Someone's getting fired, someone's getting sued... someone likely violated GDRP...
Petr V
Senior Member
Posts: 189
Joined: 2018-08-04
Senior Member
Posts: 189
Joined: 2018-08-04
#5654204 Posted on: 03/26/2019 10:16 AM
Only Asus software updates?
Only Asus software updates?
BetA
Senior Member
Posts: 4141
Joined: 2008-03-03
Senior Member
Posts: 4141
Joined: 2008-03-03
#5654317 Posted on: 03/26/2019 04:17 PM
UPDATE::
2019/03/26
ASUS response to the recent media reports regarding ASUS Live Update tool attack by Advanced Persistent Threat (APT) groups
Advanced Persistent Threat (APT) attacks are national-level attacks usually initiated by a couple of specific countries, targeting certain international organizations or entities instead of consumers.
ASUS Live Update is a proprietary tool supplied with ASUS notebook computers to ensure that the system always benefits from the latest drivers and firmware from ASUS. A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user group. ASUS customer service has been reaching out to affected users and providing assistance to ensure that the security risks are removed.
ASUS has also implemented a fix in the latest version (ver. 3.6.8) of the Live Update software, introduced multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means, and implemented an enhanced end-to-end encryption mechanism. At the same time, we have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future.
Additionally, we have created an online security diagnostic tool to check for affected systems, and we encourage users who are still concerned to run it as a precaution. The tool can be found here: https://dlcdnets.asus.com/pub/ASUS/nb/Apps-for-Win10/ASUSDiagnosticTool/ASDT-v1.0.1.0.zip
Users who have any additional concerns are welcome to contact ASUS Customer Service.
More information about APT groups: https://www.fireeye.com/current-threats/apt-groups.html
How do I know whether or not my device has been targeted by the malware attack?
Only a very small number of specific user group were found to have been targeted by this attack and as such it is extremely unlikely that your device has been targeted. However, if you are still concerned about this matter, feel free to use ASUS’ security diagnostic tool or contact ASUS Customer Service for assistance.
What should I do if my device is affected?
Immediately run a backup of your files and restore your operating system to factory settings. This will completely remove the malware from your computer. In order to ensure the security of your information, ASUS recommends that you regularly update your passwords.
How do I make sure that I have the latest version of ASUS Live Update?
You can find out whether or not you have the latest version of ASUS Live Update by following the instructions shown in the link below:
https://www.asus.com/support/FAQ/1018727/
Have other ASUS devices been affected by the malware attack?
No, only the version of Live Update used for notebooks has been affected. All other devices remain unaffected.
https://www.asus.com/News/hqfgVUyZ6uyAyJe1
heres the DIAGNOSIS TOOL from asus:
https://dlcdnets.asus.com/pub/ASUS/nb/Apps-for-Win10/ASUSDiagnosticTool/ASDT-v1.0.1.0.zip
cheers
UPDATE::
ASUS response to the recent media reports regarding ASUS Live Update tool attack by Advanced Persistent Threat (APT) groups
2019/03/26
ASUS response to the recent media reports regarding ASUS Live Update tool attack by Advanced Persistent Threat (APT) groups
Advanced Persistent Threat (APT) attacks are national-level attacks usually initiated by a couple of specific countries, targeting certain international organizations or entities instead of consumers.
ASUS Live Update is a proprietary tool supplied with ASUS notebook computers to ensure that the system always benefits from the latest drivers and firmware from ASUS. A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user group. ASUS customer service has been reaching out to affected users and providing assistance to ensure that the security risks are removed.
ASUS has also implemented a fix in the latest version (ver. 3.6.8) of the Live Update software, introduced multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means, and implemented an enhanced end-to-end encryption mechanism. At the same time, we have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future.
Additionally, we have created an online security diagnostic tool to check for affected systems, and we encourage users who are still concerned to run it as a precaution. The tool can be found here: https://dlcdnets.asus.com/pub/ASUS/nb/Apps-for-Win10/ASUSDiagnosticTool/ASDT-v1.0.1.0.zip
Users who have any additional concerns are welcome to contact ASUS Customer Service.
More information about APT groups: https://www.fireeye.com/current-threats/apt-groups.html
How do I know whether or not my device has been targeted by the malware attack?
Only a very small number of specific user group were found to have been targeted by this attack and as such it is extremely unlikely that your device has been targeted. However, if you are still concerned about this matter, feel free to use ASUS’ security diagnostic tool or contact ASUS Customer Service for assistance.
What should I do if my device is affected?
Immediately run a backup of your files and restore your operating system to factory settings. This will completely remove the malware from your computer. In order to ensure the security of your information, ASUS recommends that you regularly update your passwords.
How do I make sure that I have the latest version of ASUS Live Update?
You can find out whether or not you have the latest version of ASUS Live Update by following the instructions shown in the link below:
https://www.asus.com/support/FAQ/1018727/
Have other ASUS devices been affected by the malware attack?
No, only the version of Live Update used for notebooks has been affected. All other devices remain unaffected.
https://www.asus.com/News/hqfgVUyZ6uyAyJe1
heres the DIAGNOSIS TOOL from asus:
https://dlcdnets.asus.com/pub/ASUS/nb/Apps-for-Win10/ASUSDiagnosticTool/ASDT-v1.0.1.0.zip
cheers
Click here to post a comment for this news story on the message forum.
Senior Member
Posts: 521
Joined: 2004-09-20
Nice....never trusted their software anyway, always something was wrong with installer on my z97