[TC] Hackers dropped a secret backdoor in Asus’ update software - Page 2 - Overclock.net - An Overclocking Community

post #11 of 37 (permalink) Old 03-26-2019, 05:46 AM
TFL Replica
Quote: Originally Posted by Kree View Post
Is the ASUS Live Update Tool incorporated into MS Windows 10 Updater or is it a standalone executable that comes preinstalled on ASUS manufactured systems and/or a part of the ASUS motherboard installer discs?
It's just a standalone tool that comes preinstalled and/or included in on a disc or product support page.

post #12 of 37 (permalink) Old 03-26-2019, 06:02 AM
skupples
Reasons why you should never stick that disk inside your PC for anything other than a NIC driver.
post #13 of 37 (permalink) Old 03-26-2019, 07:07 AM
JackCY
"It's too much work to verify what files a company is offering for download and if they were manipulated or not."
What's next, mining using Asus software? Probably already been there. Passwords stored as plain text, including emails for sign-in? Probably.

All this bloatware was always an issue; it's only getting worse.
post #14 of 37 (permalink) Old 03-26-2019, 07:15 AM
ThrashZone
Hi,
I have no Asus auto-updater.
They must be referring to OEM installs, which are known to be bloated.

First thing to do with an OEM machine is replace the SSD and clean install.

post #15 of 37 (permalink) Old 03-26-2019, 11:15 AM
xJumper
After further reading it seems that I'm immune to this: I don't use the Asus update tool; my "driver updates" are built into the kernel.

I do, however, have an OEM Asus laptop with crap 10 on it. While I always de-bloat the heck out of OEM computers, it's possible I have some trace of this left on my rig. I don't run a user with admin privileges on it, though, and used it only a handful of times in the past year.

post #16 of 37 (permalink) Old 03-26-2019, 12:11 PM
ku4eto
Quote: Originally Posted by xJumper View Post
After further reading it seems that I'm immune to this: I don't use the Asus update tool; my "driver updates" are built into the kernel.

I do, however, have an OEM Asus laptop with crap 10 on it. While I always de-bloat the heck out of OEM computers, it's possible I have some trace of this left on my rig. I don't run a user with admin privileges on it, though, and used it only a handful of times in the past year.
I would recommend just installing from a clean ISO. They do some deep branding on the OSes.
post #17 of 37 (permalink) Old 03-26-2019, 12:26 PM - Thread Starter
JedixJarf
Quote: Originally Posted by ku4eto View Post
I would recommend just installing from a clean ISO. They do some deep branding on the OSes.
This ^
post #18 of 37 (permalink) Old 03-26-2019, 10:47 PM
8051
Quote: Originally Posted by epic1337 View Post
A compromised administration account would allow all that.
But you can block SSH traffic from external IPs, in which case how would you log in to the servers that host the files?
post #19 of 37 (permalink) Old 03-26-2019, 11:34 PM
looniam
https://motherboard.vice.com/en_us/a...s-of-computers

Quote:
The ASUS live update tool that delivered malware to customers last year is installed at the factory on ASUS laptops and other devices. When users enable it, the tool contacts the ASUS update server periodically to see if any firmware or other software updates are available.

The malicious file pushed to customer machines through the tool was called setup.exe, and purported to be an update to the update tool itself. It was actually a three-year-old ASUS update file from 2015 that the attackers injected with malicious code before signing it with a legitimate ASUS certificate. The attackers appear to have pushed it out to users between June and November 2018, according to Kaspersky Lab. Kamluk said the use of an old binary with a current certificate suggests the attackers had access to the server where ASUS signs its files but not the actual build server where it compiles new ones. Because the attackers used the same ASUS binary each time, it suggests they didn’t have access to the whole ASUS infrastructure, just part of the signing infrastructure, Kamluk notes. Legitimate ASUS software updates still got pushed to customers during the period the malware was being pushed out, but these legitimate updates were signed with a different certificate that used enhanced validation protection, Kamluk said, making it more difficult to spoof.

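Turning the quoted description into something a defender can run: an added PowerShell example (not code from the article, the thread, ASUS or Kaspersky) that checks a downloaded update binary for a valid Authenticode signature, compares the signer against an allowlist of expected vendor certificate thumbprints, and flags the "old build signed with a newer certificate" mismatch by reading the PE link timestamp. The thumbprint values, the file path and the 365-day gap threshold are assumptions.

```powershell
# Added example, not ASUS or Kaspersky code. Checks a downloaded update binary the way
# the quoted description suggests: valid signature, expected signer, plausible build age.
function Test-UpdateBinary {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumption/placeholder: thumbprints of the signing certs the vendor is known to use.
        [string[]]$ExpectedSignerThumbprints = @('PLACEHOLDER_VENDOR_CODESIGN_THUMBPRINT'),
        [int]$MaxBuildToCertGapDays = 365   # assumed threshold, tune per vendor
    )
    $findings = @()

    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        $findings += "Signature status is '$($sig.Status)', not Valid"
    }
    $signer = $sig.SignerCertificate
    if ($null -eq $signer) {
        $findings += 'No signer certificate present'
    } elseif ($ExpectedSignerThumbprints -notcontains $signer.Thumbprint) {
        # A chain-valid signature from a certificate the vendor does not normally use
        # is the pattern in the article (legitimate updates were signed with a different, EV cert).
        $findings += "Unexpected signer $($signer.Thumbprint) ($($signer.Subject))"
    }

    # Read IMAGE_FILE_HEADER.TimeDateStamp directly from the PE header.
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    $peOffset = if ($bytes.Length -ge 0x40) { [BitConverter]::ToInt32($bytes, 0x3C) } else { -1 }
    if ($peOffset -lt 0 -or $peOffset + 12 -gt $bytes.Length -or
        $bytes[$peOffset] -ne 0x50 -or $bytes[$peOffset + 1] -ne 0x45) {
        $findings += 'Not a PE file (no PE signature at e_lfanew)'
    } elseif ($null -ne $signer) {
        $ts = [BitConverter]::ToUInt32($bytes, $peOffset + 8)
        $linkTime = [DateTimeOffset]::FromUnixTimeSeconds($ts).UtcDateTime
        # The malicious setup.exe was a 2015 build signed with a later certificate.
        # Flag a large gap between link time and the cert's NotBefore. Heuristic only:
        # reproducible builds (/Brepro) store a hash in this field instead of a time.
        $gapDays = ($signer.NotBefore.ToUniversalTime() - $linkTime).TotalDays
        if ($gapDays -gt $MaxBuildToCertGapDays) {
            $findings += ('Linked {0:u} but signing cert not valid before {1:u} ({2:N0} days apart)' -f
                $linkTime, $signer.NotBefore.ToUniversalTime(), $gapDays)
        }
    }

    [pscustomobject]@{ Path = $Path; Trusted = ($findings.Count -eq 0); Findings = $findings }
}

# Usage (assumed path):
Test-UpdateBinary -Path 'C:\Downloads\setup.exe' | Format-List
```

Any non-empty Findings list means the file should be quarantined and compared against the vendor's published hashes before it is run, whatever the signature status says.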
post #20 of 37 (permalink) Old 03-27-2019, 12:19 AM
UltraMega
Well at least it wasn't a PewDiePie ransomware...