Welcome, Guest

 or  Register

Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers
Researchers at cybersecurity firm Kaspersky Lab say that ASUS, one of the world’s largest computer makers, was used to unwittingly to install a malicious backdoor on thousands of its customers’ computers last year after attackers compromised a server for the company’s live software update tool. The malicious file was signed with legitimate ASUS digital certificates to make it appear to be an authentic software update from the company, Kaspersky Lab says.

ASUS, a multi-billion dollar computer hardware company based in Taiwan that manufactures desktop computers, laptops, mobile phones, smart home systems, and other electronics, was pushing the backdoor to customers for at least five months last year before it was discovered, according to new research from the Moscow-based security firm.

The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems. The malware searched for targeted systems through their unique MAC addresses. Once on a system, if it found one of these targeted addresses, the malware reached out to a command-and-control server the attackers operated, which then installed additional malware on those machines.

Kaspersky Lab said it uncovered the attack in January after adding a new supply-chain detection technology to its scanning tool to catch anomalous code fragments hidden in legitimate code or catch code that is hijacking normal operations on a machine. The company plans to release a full technical paper and presentation about the ASUS attack, which it has dubbed ShadowHammer, next month at its Security Analyst Summit in Singapore. In the meantime, Kaspersky has published some of the technical details on its website.

Apache54, John, root, sivil, Wingsprint  likes this!
Reply Share
Thanks God I'm not an ASUS guy
MaximalGravity  likes this!
Reply Share
I just bought a 2009 Acer 6930 for $79.00 with free shipping.

It arrived in original box, has all manuals, looks like it just rolled off the production line.

Thanks, Ebay. I'll rig this Windows Vista my own way.
Apache54, John  likes this!
Reply Share
Oh man! That's amazing they could fool the manufacturer! V6sRZf4
Apache54  likes this!
Reply Share
(03-25-2019, 12:04 PM)bigD111 Wrote: Oh man!  That's amazing they could fool the manufacturer!   V6sRZf4

and THAT is just another reason to NEVER EVER keep your security info. pass codes, CC info. online, it will be hacked someday.
Reply Share
(03-25-2019, 11:04 AM)sivil Wrote: Thanks God I'm not an ASUS guy

I run a fast Asus MB WS as a post production box. It hasn't been updated in years. It runs offline. I always wait for bug fixes before installing anything. 6mo to a year for most stuff, unless it's a critical patch.
The Islamic State militants, known as ISIS, are now using a single, raised index finger as the symbol of their cause.
Apache54  likes this!
Reply Share

Post Thread  Back To Forum
Quick Reply
Type your reply to this message here.

Please select the number: 4
1 2 3 4 5 6 7 8 9 10