IT

ASUS has released a fix for the recent malware attack

ASUS has released a fix for the recent malware attack

As many as half a million computers might have installed malware disguised as an update from electronics giant ASUS after the Taiwanese company's server was hacked, according to cybersecurity firm Kaspersky Lab.

Kapersky says that this widespread attack was actually created to target a pool of specific users. In this case, however, Asus is nearly certainly either wrong or misrepresenting its own exposure to a critical and embarrassing security flaw.

Symantec, a US -based cybersecurity firm, was also able to confirm Kaspersky's discovery, adding that 13,000 of its own customers had been infected with the backdoor.

Leading computer maker ASUS suffered a cyber attack that allowed hackers to send malware to more than 50,000 customers, researchers claim.

Charlie Nash is a reporter for Breitbart Tech. Although the tainted ASUS Live Update Utility may be on your computer, it specifically targeted a pool of about 600 computers identified by their MAC address. Now, Asus has released a patch for its software, as well as a diagnostic tool for Asus notebook customers that want to verify whether or not their Live Update software was infected with malware. The breach happened in June previous year and has been confirmed to have infected more than 57,000 Windows PCs. "At the same time, we have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future".

House Democrats FAIL in their attempt to over ride Trump's first veto
But the House faced a high hurdle, needing a two-thirds majority - rather than a simple majority - to override the veto. Republicans were hoping to avoid a confrontation with him for fear of alienating pro-Trump voters.

Judging by information hard-coded in the malware, the attackers' aim was to compromise about 600 specific computers, but the malware it thought to have been ultimately delivered to over a million of users. Due to the age of the file utilised, Kaspersky does not believe the attackers had access to the entirety of Asus' systems, only the part necessary for signing certificates for client systems to recognise these as legitimate.

Kaspersky was able to find the backdoor in January after developing a new method for detecting supply-chain attacks. That's bad enough, but supply chain attacks that distribute malware really are a nightmare scenario because we've had it hammered into us to apply updates when they're available. This attack on Asus' update servers is the equivalent of directly infecting an audited and curated app from an app store.

The fact that network adapter MAC addresses were baked into the backdoored Live Update build suggests the snoops behind ShadowHammer were well aware of the internal operations of their target.

"While investigating this attack, we found out that the same techniques were used against software from three other vendors".