Asus LiveUpdate utility & servers compromised for targeted attack...
  1. #1

    Asus LiveUpdate utility & servers compromised for targeted attack...

    Reported by Tom's Hardware. At least 57,000 boards have been infected. New BIOS downloads
    may have to be done.
    The MAC address within the BIOS is hard-coded for certain motherboards.

    What about your CPU BIOS update? Are we secure?
    Leslie in Montreal


  2. #2

    Re: Asus bios had been hacked

    Please give a link in future so that you don't cause widespread panic. If you have never run the LiveUpdate utility to upgrade UEFI firmware from within Windows, you are not affected. It's a containable threat and affects a much smaller proportion of specifically targeted ASUS product owners (using MAC address matching) where users have updated UEFI firmware through their Windows online update utility. The figures given by Kaspersky don't account for the targeted MAC addresses. They are based on KSN figures reporting installed instances of LiveUpdate Utility, which, of course, is much, much higher than the number of machines targeted. It just means it is present on a machine, but it doesn't mean your machine is a target of the malware attack.

    If you flashed from a USB stick offline, then you are not affected by this. They are aware of it and are dealing with it; there's a security check utility to find out if the board has been compromised and a revised version of LiveUpdate without the vulnerability. An updated article with a response from ASUS is here:

    https://www.pcgamer.com/asus-unwitti...ity-firm-says/

    If the infected machine has a MAC address on the malware's target list, then the malware activates a "backdoor" through which other malware can be downloaded and installed and reaches out to a command-and-control server to grab more software. MAC addresses for individual machines are not publicly listed, so the attackers must have obtained the targeted machines' MAC addresses by other means.
    "They were not trying to target as many users as possible," Kamluk told Motherboard. "They wanted to get into very specific targets and they already knew in advance their network card MAC address, which is quite interesting."
    Quote about the MAC address targeting used by the malware, from Tom's Hardware
