Monday, March 25th 2019

Hackers Get to ASUS Live Update Servers, Plant Malware in Thousands of Computers

In a chilling reminder of just why system software should always be updated manually and never automatically, Vice Motherboard, citing Kaspersky Labs, reports that hackers have compromised the Live Update servers of ASUS, making them push malware to thousands of computers configured to fetch and install updates automatically. These include not just PC motherboards, but also pre-builts such as notebooks and desktops by ASUS. Smartphones and IoT devices by ASUS are also affected. The hackers managed to use valid ASUS digital certificates to pass off their malware as legitimate software updates from ASUS.

Kaspersky Labs says that as many as half a million devices have fallen prey to malware pushed to them by ASUS. The cybersecurity firm says it discovered the malware in January 2019 when implementing a new supply-chain detection technology, and informed ASUS by late January. Kaspersky even sent a technically sound representative to meet with ASUS in February. Kaspersky claims that ASUS has been "largely unresponsive since then and has not notified ASUS customers about the issue." ASUS is already drowning in bad rep from the PC enthusiast community for its Armoury Crate feature, which lets the motherboard BIOS push software to a Windows installation through an ACPI table dubbed "the vendor's rootkit," and which ASUS enabled by default on new motherboards. Who knows what recent motherboard BIOS updates have pushed into your PC through this method.
Source: Vice Motherboard

43 Comments on Hackers Get to ASUS Live Update Servers, Plant Malware in Thousands of Computers

#26
MnkyBrs
Great, you don't have auto-update on. But this problem has been out there for a couple months without anyone knowing about it. So even if you manually update, you could still have done it yourself, no?
#27
Esse
I had it set to auto-update but it never did. It's running an old version from the time I got the notebook.
#29
muchoman
kaspersky=russian
you believe?
#30
Tomorrow
RH92 said:
As far as AM4 goes Asrock has good hardware but their bios is a big joke: missing bios options, abysmal ram oc/support, bios updates take ages even for simple bugs and break more things than they do fix, moved from Fatality AB350 itx to Strix B450-i for this exact reason and I can tell you for sure that ASUS are miles ahead in terms of OC features, relevant bios updates etc etc. If for some reason you don't want to go with ASUS I would advise you to go with MSI especially now that they have implemented offset voltage, don't make the Asrock mistake!
I can second some of these points building an AsRock B450 based system last week. The BIOS is confusing with the same options in several places. But if you change it in one place it does not change in another. Plus I have a bug with code 98 displaying for nearly a minute before the board boots. Supposedly it's related to PCI-E which I don't even have any devices connected. It's also pretty rich if you reach some option and the help section instead of you know...helping displays: No help string. Like seriously. Did someone forget to include it or what?

Also no luck overclocking RAM so far. 3000MHz rated kit and XMP option is unstable at 2933 or anything above it even when keying in specific values from Ryzen DRAM calculator based on my memory (Teamgroup Delta RGB 2x4GB using Micron B-Die chips).

Also unlike ASUS and some others the BIOS does not show what settings you have changed when saving or exiting. You can't select to load or save custom profiles with only keyboard. The RGB tool is unable to control connected RAM sticks from BIOS. The autoupdate tool for ODD-less systems supposedly downloads drivers to...somewhere on disk which I have yet to find where.

God what a mess. I should have gone with ASUS instead. Not saying they are perfect but at least their hardware and BIOS is manageable. Well except for Z390 VRM-s and windows based software.
#31
Tatty_One
Senior Moder@tor
muchoman said:
kaspersky=russian
you believe?
Founded in Russia and its Global Headquarters is in Moscow I believe.
#32
Psimoes
I did a BIOS update on my Maximus XI this week, a popup of EZ Update showed up and updated

Am I in danger?
#33
moproblems99
Psimoes said:
I did a BIOS update on my Maximus XI this week, a popup of EZ Update showed up and updated

Am I in danger?
Only if your MAC was one of the targeted which I would highly doubt.
#34
INSTG8R
My Custom Title
Psimoes said:
I did a BIOS update on my Maximus XI this week, a popup of EZ Update showed up and updated

Am I in danger?
Nope, the program was distributed for ASUS Notebooks. Try running the detection tool they have provided, I guarantee it will error out for "unsupported hardware".
#35
Abaidor
Tomorrow said:


God what a mess. I should have gone with ASUS instead. Not saying they are perfect but at least their hardware and BIOS is manageable. Well except for Z390 VRM-s and windows based software.
Their BIOS is the best as far as I am concerned. If only they would make a serious effort on the software front they would be perfect and all features would be working. I really wonder if there is even a manager in charge of all this and why on earth isn't he/she doing something....What is possibly holding them back from solving their software issues? Is it so hard to produce proper motherboard software given the resources and experience of Asus? Is it simple arrogance? Who knows and why should we care when other products "Just Work" (pun intended)....lol.
#36
Psimoes
moproblems99 said:
Only if your MAC was one of the targeted which I would highly doubt.
I checked on Kaspersky MAC checker and I seem good
#37
moproblems99
Abaidor said:
Their BIOS is the best as far as I am concerned. If only they would make a serious effort on the software front they would be perfect and all features would be working. I really wonder if there is even a manager in charge of all this and why on earth isn't he/she doing something....What is possibly holding them back from solving their software issues? Is it so hard to produce proper motherboard software given the resources and experience of Asus? Is it simple arrogance? Who knows and why should we care when other products "Just Work" (pun intended)....lol.
What motherboard software could you possibly need?
#38
R-T-B
muchoman said:
kaspersky=russian
you believe?
I mean, they are HQ'd in Russia. Or do you mean you don't believe them because they are Russian? If so that's silly, this is pretty verifiable and they have a good track record on such things. The only thing the US government was suspicious of is what their AV was collecting, and whether it could be secretly seized by the Russian government and/or courts, hardly whether or not it worked or the company was honest.

moproblems99 said:
What motherboard software could you possibly need?
If you ask me the bios should handle all of that, but that seems to be a "times are changing" kind of thing.

Xzibit said:
Don't AVs in general send info (statistics home) whether you give them permission or not every time they call home to check for an update?
Depends on the AV Vendor but it's hardly rare. The issue is jurisdiction in Kaspersky's case (regarding why the USA pounced on them).
#39
INSTG8R
My Custom Title
moproblems99 said:
What motherboard software could you possibly need?
Well my Sabertooth has 2 extra fans, one cooling the VRM and one on the board. Without AI Suite I can't control them and they can't do their "magic" reverse dust spin thing and post shut down cooling cycle.
I totally agree with Abaidor, ASUS has the best BIOS BUT the absolute WORST software...There was the period of time a Windows update broke all ASUS software and I was left high and dry. ASUS put a "new" version of AI Suite out as a solution. It didn't even see ANYTHING on my board so it was absolutely useless to me and well ASUS is also terrible with uninstallers, once you get it in there getting it out again is near impossible.
But bottom line I NEED AI Suite and specifically the one for my motherboard, not a generic version. But I strip it down on install to just the bit I need because it always comes with a ton of bloat. Just built a 2600X rig for a friend on an ASUS board recently and it's still the buggy bloated mess even now.
#40
moproblems99
INSTG8R said:
Well my Sabertooth has 2 extra fans, one cooling the VRM and one on the board. Without AI Suite I can't control them and they can't do their "magic" reverse dust spin thing and post shut down cooling cycle.
I totally agree with Abaidor, ASUS has the best BIOS BUT the absolute WORST software...There was the period of time a Windows update broke all ASUS software and I was left high and dry. ASUS put a "new" version of AI Suite out as a solution. It didn't even see ANYTHING on my board so it was absolutely useless to me and well ASUS is also terrible with uninstallers, once you get it in there getting it out again is near impossible.
But bottom line I NEED AI Suite and specifically the one for my motherboard, not a generic version. But I strip it down on install to just the bit I need because it always comes with a ton of bloat. Just built a 2600X rig for a friend on an ASUS board recently and it's still the buggy bloated mess even now.
Understood. My Strix 580 was the worst of my group and the one board from them I owned was nothing fantastic. But I won't touch ASUS after Arez anyway.
#41
INSTG8R
My Custom Title
moproblems99 said:
Understood. My Strix 580 was the worst of my group and the one board from them I owned was nothing fantastic. But I won't touch ASUS after Arez anyway.
Oh I'm first to admit ASUS software sucks to high heaven, sadly some of us are dependent on said suck...This fiasco really doesn't surprise me just more of that good old ASUS software...
#42
Abaidor
moproblems99 said:
What motherboard software could you possibly need?
As others pointed out I mostly need the Fan control package (Fan Expert 4) and although my motherboard has extensive options in Q-FAN (BIOS) that I use, you always need to reboot in order to make adjustments. Yet, some things are not possible through BIOS. Have a look at Aquaero & Aquasuite and you will see what I mean.

Most probably I will end up with an Aquaero + their LED controllers since both fan/pump/sensor control through BIOS is limited while Aura is simply a piece of junk software once you add some burden to it while it lacks in features and stability. Damn Aura does not even have profiles.
#43
TheGuruStud
moproblems99 said:
It really is a guesstimation. They know they had 57,000 clients that had the infection and they likely know how many clients have ASUS mobos so it was a simple extrapolation. Symantec reported 13,000 of their clients had it.

What I find the most interesting is that the attackers already knew the MAC addresses they were targeting. I would surmise that they retrieved those from the previous ASUS hack they did.
C'mon, now, Symantec couldn't detect malware on a 12 yr old boy's porn laptop.