Security flaw exposed in popular computer brand

Kaspersky exposed a security flaw targeting the world’s fifth largest computer company.

Security flaw exposed in popular computer brand

Security experts Kaspersky have exposed a security flaw targeting the online automatic update service of the world’s fifth largest computer company, ASUS.

The flaw is estimated to have affected more than one million computers worldwide and took more than five months to be exposed.

The malware installed via the online automatic update service was designed to create a backdoor for intruders in the machines affected.

Kaspersky was able to determine that the malware was programmed for surgical espionage and that it was designed to accept a second malware payload on specific computers.

Unfortunately, due to the server that delivered the second malware payload no longer being active, they are unable to determine exactly what the second payload may have been. 

Kaspersky did mention that the incident was consistent with a 2017 incident blamed by Microsoft on a Chinese state-backed group the company calls BARIUM.

RELATED ARTICLES





    COMMENTS

    To make a comment, please register or login
    DJE
    7th May 2019
    9:58am
    I have just purchased an Asus laptop, and was prompted to update as soon as I turned the machine on. So, just wondering if this security flaw is still an issue and if so, what is suggested to fix or alleviate any problems. I have installed Trend Security.
    Bushbaby
    7th May 2019
    11:44am
    Go here https://securelist.com/operation-shadowhammer/89992/?utm_source=twitter&utm_medium=social&utm_campaign=us_securelist_Zt0106_organic&utm_content=sm-post&utm_term=us_twitter_organic_Zt0106_sm-post_social_securelist and you'll find a link to download small file that will check your computer to see if it's affected by this problem. It would have been easier if this had been included in the article.
    Clarabelle
    7th May 2019
    4:39pm
    Thanks Bushbaby for the tip which I ran on my ASUS laptop and was relieved to receive the message "Your machine is not affected". Then again ASUS Live Update is not installed on my laptop - don't know why - so therefore have never received an update.
    Bushbaby
    7th May 2019
    11:47am
    Don't know why the url has displayed in such an odd way, but if you just copy and paste into your browser you'll get to the right page. The download link is a fair way down the article, just underneath a graph showing % or victims by country.


    Join YOURLifeChoices, it’s free

    • Receive our daily enewsletter
    • Enter competitions
    • Comment on articles