[TC] Hackers dropped a secret backdoor in Asus’ update software - Page 2 - Overclock.net - An Overclocking Community

[TC] Hackers dropped a secret backdoor in Asus’ update software

post #11 of 37, 03-26-2019, 05:46 AM
TFL Replica (It Just Works)
Join Date: Oct 2008
Posts: 15,071
Quote: Originally Posted by Kree
Is the ASUS Live Update Tool incorporated into the MS Windows 10 Updater, or is it a standalone executable that comes preinstalled on ASUS-manufactured systems and/or a part of the ASUS motherboard installer discs?
It's just a standalone tool that comes preinstalled and/or included on a disc or product support page.


TFL Replica is offline  
post #12 of 37, 03-26-2019, 06:02 AM
skupples (Food Editor)
Join Date: Apr 2012
Location: Bradentucky
Posts: 24,641
Rep: 725 (Unique: 381)
Reasons why you should never stick that disc inside your PC for anything other than a NIC driver.
skupples is offline  
post #13 of 37, 03-26-2019, 07:07 AM
JackCY (Overclocker)
Join Date: Jun 2014
Posts: 10,854
Rep: 358 (Unique: 255)
"It's too much work to verify what files a company is offering for download and whether they were manipulated or not."
What's next, mining using Asus software? Probably already been there. Passwords stored as plain text, including emails for sign-in? Probably.

All this bloatware was always an issue; it's only getting worse.
JackCY is offline  
post #14 of 37, 03-26-2019, 07:15 AM
ThrashZone (Overclocker in training)
Join Date: Apr 2017
Location: Texas
Posts: 11,615
Rep: 172 (Unique: 105)
Hi,
I have no Asus auto updater.
They must be referring to OEM installs that are known to be bloated.

First thing to do with an OEM machine is replace the SSD and clean install.

Last edited by ThrashZone; 03-26-2019 at 08:39 AM.
ThrashZone is online now  
post #15 of 37, 03-26-2019, 11:15 AM
xJumper (Old to Overclock.net)
Join Date: Jan 2008
Posts: 2,088
Rep: 125 (Unique: 106)
After further reading it seems that I'm immune to this; I don't use the Asus update tool, my "driver updates" are built into the kernel.

I do however have an OEM Asus laptop with crap 10 on it. While I always de-bloat the heck out of OEM computers, it's possible I have some trace of this left on my rig. I don't run a user with admin privileges on it though, and used it only a handful of times in the past year.

xJumper is offline  
post #16 of 37, 03-26-2019, 12:11 PM
ku4eto (Top kek)
Join Date: Oct 2013
Location: Sofia, Bulgaria
Posts: 3,537
Rep: 119 (Unique: 72)
Quote: Originally Posted by xJumper
After further reading it seems that I'm immune to this; I don't use the Asus update tool, my "driver updates" are built into the kernel.

I do however have an OEM Asus laptop with crap 10 on it. While I always de-bloat the heck out of OEM computers, it's possible I have some trace of this left on my rig. I don't run a user with admin privileges on it though, and used it only a handful of times in the past year.
I would recommend just installing from a clean ISO. They do some deep branding on the OSes.

ku4eto is offline  
post #17 of 37, 03-26-2019, 12:26 PM - Thread Starter
JedixJarf (Retired Staff)
Join Date: Dec 2010
Location: Coruscant
Posts: 9,467
Rep: 305 (Unique: 244)
Quote: Originally Posted by ku4eto
I would recommend just installing from a clean ISO. They do some deep branding on the OSes.
This ^


JedixJarf is online now  
post #18 of 37, 03-26-2019, 10:47 PM
8051 (New to Overclock.net)
Join Date: Apr 2014
Posts: 3,535
Rep: 30 (Unique: 21)
Quote: Originally Posted by epic1337
A compromised administration account would allow all that.
But you can block SSH traffic from external IPs, in which case how would you log in to the servers that host the files?
8051 is offline  
post #19 of 37, 03-26-2019, 11:34 PM
looniam (professional curmudgeon)
Join Date: Apr 2009
Posts: 10,097
Rep: 828 (Unique: 464)
https://motherboard.vice.com/en_us/a...s-of-computers

Quote:
The ASUS live update tool that delivered malware to customers last year is installed at the factory on ASUS laptops and other devices. When users enable it, the tool contacts the ASUS update server periodically to see if any firmware or other software updates are available.

The malicious file pushed to customer machines through the tool was called setup.exe, and purported to be an update to the update tool itself. It was actually a three-year-old ASUS update file from 2015 that the attackers injected with malicious code before signing it with a legitimate ASUS certificate. The attackers appear to have pushed it out to users between June and November 2018, according to Kaspersky Lab. Kamluk said the use of an old binary with a current certificate suggests the attackers had access to the server where ASUS signs its files but not the actual build server where it compiles new ones. Because the attackers used the same ASUS binary each time, it suggests they didn’t have access to the whole ASUS infrastructure, just part of the signing infrastructure, Kamluk notes. Legitimate ASUS software updates still got pushed to customers during the period the malware was being pushed out, but these legitimate updates were signed with a different certificate that used enhanced validation protection, Kamluk said, making it more difficult to spoof.

looniam is offline  
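The pattern Kamluk describes in the quoted article (a years-old binary signed with a certificate issued much later) can be turned into a triage check on the defender's side. The script below is an added example, not code from the article, Kaspersky or ASUS: it reads the PE link timestamp from the COFF header, runs the file through Get-AuthenticodeSignature, and flags signers that are not on an allowlist or whose certificate validity starts long after the binary was linked. The thumbprint and file path are placeholders.

```powershell
# Added example: flag update binaries whose PE link time predates the signing
# certificate by a large margin, and signers that are not on an allowlist.
# The thumbprint below is a placeholder, not a real vendor certificate.
$ExpectedSigners = @('PLACEHOLDER-THUMBPRINT-OF-VENDOR-EV-CERT')

function Get-PeLinkTime {
    param([string]$Path)
    # e_lfanew at offset 0x3C points to the "PE\0\0" signature; the COFF header
    # follows it, and TimeDateStamp sits 8 bytes into the signature+header block.
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    if ($bytes.Length -lt 0x40) { return $null }
    $peOffset = [BitConverter]::ToInt32($bytes, 0x3C)
    if ($peOffset -le 0 -or ($peOffset + 12) -gt $bytes.Length) { return $null }
    # "PE\0\0" read as a little-endian UInt32 is 0x00004550
    if ([BitConverter]::ToUInt32($bytes, $peOffset) -ne 0x00004550) { return $null }
    $stamp = [BitConverter]::ToUInt32($bytes, $peOffset + 8)
    return [DateTimeOffset]::FromUnixTimeSeconds($stamp).UtcDateTime
}

function Test-UpdateBinary {
    param([string]$Path, [int]$MaxAgeGapDays = 365)
    $findings = @()
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        $findings += "signature status is $($sig.Status): $($sig.StatusMessage)"
        return $findings
    }
    $cert = $sig.SignerCertificate
    if ($ExpectedSigners -notcontains $cert.Thumbprint) {
        $findings += "signer $($cert.Subject) ($($cert.Thumbprint)) is not on the allowlist"
    }
    $linkTime = Get-PeLinkTime -Path $Path
    if ($null -ne $linkTime) {
        # ShadowHammer pattern: a 2015 build carrying a certificate issued years later.
        $certStart = $cert.NotBefore.ToUniversalTime()
        $gap = ($certStart - $linkTime).TotalDays
        if ($gap -gt $MaxAgeGapDays) {
            $findings += "linked $($linkTime.ToString('u')) but signer cert not valid until $($certStart.ToString('u')) ($([int]$gap) days later)"
        }
    }
    return $findings
}

# Usage (path is a placeholder): an empty result means no finding.
# Test-UpdateBinary -Path 'C:\Downloads\setup.exe' | ForEach-Object { Write-Warning $_ }
```

Link timestamps are attacker-controllable and some toolchains zero or randomise them, so a hit is a lead for further triage (compare against the vendor's published hashes and release dates), not proof of tampering.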
post #20 of 37, 03-27-2019, 12:19 AM
UltraMega (Graphics Junkie)
Join Date: Feb 2017
Location: USA
Posts: 2,011
Rep: 56 (Unique: 51)
Well at least it wasn't a PewDiePie ransomware...

UltraMega is offline  