Solarquest

Moderator
Staff member
Malware Hunter
Verified
The Taiwan-based tech giant ASUS is believed to have pushed the malware to hundreds of thousands of customers through its trusted automatic software update tool after attackers compromised the company’s server and used it to push the malware to machines.
Researchers at cybersecurity firm Kaspersky Lab say that ASUS, one of the world’s largest computer makers, was used to unwittingly install a malicious backdoor on thousands of its customers’ computers last year after attackers compromised a server for the company’s live software update tool. The malicious file was signed with legitimate ASUS digital certificates to make it appear to be an authentic software update from the company, Kaspersky Lab says.
ASUS, a multi-billion dollar computer hardware company based in Taiwan that manufactures desktop computers, laptops, mobile phones, smart home systems, and other electronics, was pushing the backdoor to customers for at least five months last year before it was discovered, according to new research from the Moscow-based security firm.

The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems.
...
...
 

Burrito

Level 11
Verified
I know that even when a business is really proactive and careful, they can still be hacked by a dedicated attack.

But... there needs to be a class-action lawsuit or other financial penalties to force trusted certificate issuing entities to apply all sorts of security and data checks to ensure these types of incidents don't happen.

If you don't penalize businesses who don't try hard enough.... there is little incentive for others to expend the resources to do the right thing.

ASUS could have had a software update integrity check system to ensure that distributed software was not tampered with.
 

shmu26

Level 76
Content Creator
Trusted
Verified
The malicious file was signed with legitimate ASUS digital certificates
The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems.
Quite similar to the famous CCleaner incident. It's a targeted attack that is almost impossible to detect.
Like @Burrito said, the responsibility lies with the business whose poor security policies allowed them to get hacked down to their socks, and then not even notice that their signing mechanism was pwned. LOL those guys were sleeping on the job.
 

SUPRA

Level 2
MSI is the best in terms of motherboard at least.

I have an ASUS Mobo, and this gives me one more good reason to get a Gigabyte next time. Fortunately, I don't have ASUS's garbage software installed.

I assume that all the AVs will soon be detecting it.
As far as I know, Gigabyte has a DRAM cooling issue in their mid-tier motherboards. High-end motherboards are good...
 

shmu26

Level 76
Content Creator
Trusted
Verified
MSI is the best in terms of motherboard at least.


As far as I know, Gigabyte has a DRAM cooling issue in their mid-tier motherboards. High-end motherboards are good...
What if it is not a gaming rig, just a general purpose machine? Would you still say that MSI is better?
 

devjit2018

Level 8
I have an ASUS Mobo, and this gives me one more good reason to get a Gigabyte next time. Fortunately, I don't have ASUS's garbage software installed.

I assume that all the AVs will soon be detecting it.
Please don't get a Gigabyte motherboard. I have had three of them fail in my family and they were just used for family work like surfing, watching movies, listening to songs and working with MS Office. ASUS, MSI and ASRock have given me the best service so far. It's just a shame that ASUS couldn't defend their servers from these hackers but otherwise they make excellent hardware components. I have an i5 2500 with an ASUS H61 mobo and it's still running since 2011.
 

SHvFl

Level 35
Content Creator
Trusted
Verified
Quite similar to the famous CCleaner incident. It's a targeted attack that is almost impossible to detect.
Like @Burrito said, the responsibility lies with the business whose poor security policies allowed them to get hacked down to their socks, and then not even notice that their signing mechanism was pwned. LOL those guys were sleeping on the job.
People need to stop trusting certificates from every company. Other than Microsoft, Google, Mozilla you are probably pushing it.

EDIT: If you do that and don't install updates for useless stuff every week you are fine as the chances of stuff not getting known is low.
People should maintain their software only after a changelog was posted for a while and it makes sense to update. Blindly pushing yes update is stupid.
 

Raiden

Level 10
Content Creator
Verified
This is quite interesting!

It seems like more and more of these types of things are happening/will happen in the future. It's kind of smart in a way, as it can go undetected for very long periods of time. This can happen to anyone unfortunately. While I have and love Asus products, I may have to consider other brands during my next build, not because this happened, but because of their attitude and stance on the matter. The simple fact that they brushed it off without a second thought, or even taking the time to dig deep into it, IMHO really shows how much they care about their customers. Thankfully I don't have any of those pieces of software installed so I am all good on that front, but as I've said, due to their poor response, I may have to consider other brands in the future.
 

Slyguy

Level 40
Yes and remember how many people stopped using CCleaner because of this? And is there a fix for it?
I think most of us stopped because Avast bought it and the compromise just happened to be around the same time. I don't think anything associated with Avast is a good idea to use.

As for these types of compromises. Never trust garbage bloatware from these firms. The most absolute minimum investment of resources, time, money and security is always applied to this bloatware trash from ALL vendors. The first and most golden rule of any new laptop purchase is to DBAN the thing, and reinstall a fresh non-vendor specific new copy of Windows 10 Pro, and keep that bloatware trash off of your systems.
 

mickel1

Level 1
The Taiwan-based tech giant ASUS is believed to have pushed the malware to hundreds of thousands of customers through its trusted automatic software update tool after attackers compromised the company’s server and used it to push the malware to machines.
Researchers at cybersecurity firm Kaspersky Lab say that ASUS, one of the world’s largest computer makers, was used to unwittingly install a malicious backdoor on thousands of its customers’ computers last year after attackers compromised a server for the company’s live software update tool. The malicious file was signed with legitimate ASUS digital certificates to make it appear to be an authentic software update from the company, Kaspersky Lab says.
ASUS, a multi-billion dollar computer hardware company based in Taiwan that manufactures desktop computers, laptops, mobile phones, smart home systems, and other electronics, was pushing the backdoor to customers for at least five months last year before it was discovered, according to new research from the Moscow-based security firm.

The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems.
...
...
You can use a tool created by Kaspersky to check if your ASUS PC is affected/infected. Here's the link to that tool.
 

Raiden

Level 10
Content Creator
Verified
I smell a big lawsuit $$$ coming. Who knows what the malware did to the computer unless someone gets their hands on the actual malware.
Ya, I won't be surprised if this happens. If anything it will happen simply on the fact that they were told about this about 2-3 months ago, but their ego got in the way and ignored it. So as a result, their poor decision to handle the matter appropriately will come back around and bite them unfortunately.
 

SUPRA

Level 2
What if it is not a gaming rig, just a general purpose machine? Would you still say that MSI is better?
Dear sir, as I told you, their mid-tier boards are horrible whether it is for gaming or casual use; their DRAMs are horrible, they keep on failing. As @devjit2018 said, you can consider ASRock or MSI, both are good. Also, Asus used to be good; I have had an old system with an Asus mobo for 5 years and have not got a single problem, but I am not happy with their BIOS and other software; they are all pretty buggy, even the drivers. I always download Intel authentic drivers from the Intel site.
You can see this YouTube channel, Actually Hardcore Overclocking; he has done pretty good work in terms of testing mobos...
 

Local Host

Level 14
Verified
Dear sir, as I told you, their mid-tier boards are horrible whether it is for gaming or casual use; their DRAMs are horrible, they keep on failing. As @devjit2018 said, you can consider ASRock or MSI, both are good. Also, Asus used to be good; I have had an old system with an Asus mobo for 5 years and have not got a single problem, but I am not happy with their BIOS and other software; they are all pretty buggy, even the drivers. I always download Intel authentic drivers from the Intel site.
You can see this YouTube channel, Actually Hardcore Overclocking; he has done pretty good work in terms of testing mobos...
If you have problems with ASUS BIOS, you have problems with ASUS MBs in general. I have actually been using ASUS MBs for over a decade and never had a single problem with their BIOS updates; in fact, they are one of the few MB suppliers who actually support and update their BIOS for years.

Then again this is 2019, there are no MBs with BIOS on the market.