Forgot your password?
typodupeerror
Security Bug

Asus.com Compromised With Exploit Code 117

Posted by kdawson
from the be-careful-out-there dept.
Juha-Matti Laurio writes in with news that the Web site of ASUSTeK Computer (asus.com) has been compromised to spread exploit code. The original report from Kaspersky Lab claimed that the compromise lead to code exploiting the recently patched Microsoft Windows Animated Cursor (.ANI) 0-day vulnerability, but sans.org found no evidence of this. Apparently a malicious iframe was added to one of the machines in asus.com's DNS round-robin.
This discussion has been archived. No new comments can be posted.

Asus.com Compromised With Exploit Code

Comments Filter:
  • by Aminion (896851) on Saturday April 07, 2007 @07:42PM (#18651123)
    ... you don't have to visit porn, warez or shady sites to get your computer infected with all sorts of nastiness; "trusted" sites will just do.
    • by Anonymous Coward
      What this actually shows is that Windows is unfit for business uses. Even when using their top-end Windows Server products, it's obviously a very poor choice. Between the great expense, the low quality and the numerous security problems, there's no good reason to be using it.

      I can think of one reason why a company would go with Windows-based systems: ignorance. This includes ignorance on the part of the network designers and administrators, who do not stand up and demand to use Solaris, Linux, HP-UX, AiX, F
      • Re: (Score:3, Interesting)

        by toadlife (301863)
        So what exploit in IIS6 do you think let this hack happen?
      • Unfortunately, it becomes a chicken vs. egg problem - critical apps that only run under windows, ergo they need windows. And they need windows because all of their customers are using windows, so.....

        Convincing your CEO or CIO to switch to FOSS (even if they would dearly love to) is like convincing a hard core gamer to drop microsoft. They will do it the day WOW or Everquest or runs flawlessly under Linux.

        • Re: (Score:2, Insightful)

          by PPH (736903)
          What sort of Windows-speific app do you think Asus has to run on their web servers? All they are doing is distributing divers, technical specs and product literature. From the point of view of a Unix/Linux/Solaris system, these are just binaries and the web servers could care less about the contents.


          This is one of the problems I've seen repeatedly with CIOs who have been brought up drinking the Microsoft Kool-Aide. They've never bothered to question the 'one size fits all' sales pitches.

    • Re: (Score:2, Funny)

      by plague*star (731804)
      ... you don't have to visit porn, warez or shady sites to get your computer infected with all sorts of nastiness; "trusted" sites will just do.

      I suspect the actual plan was to infect all the people mis-typing "anus.com"

      P*S

  • jpeg or png? (Score:4, Insightful)

    by MichaelSmith (789609) on Saturday April 07, 2007 @07:54PM (#18651195) Homepage Journal

    TFA:

    up to no good pointing to another obfuscated javascript and a executable cloaked as a jpg file

    Then:

    Name: next3.png

    So is next3.png the real exploit and are they using "jpeg" to mean an image file? Or is there a jpeg file involved here?

    • Does windows even care what the extension is?
      It attempts to read a file (of whatever name) and uses the parser which appears to fit.
      You can store jpeg data inside a file called *.png and vice versa.
  • by Indy1 (99447)
    Most of the motherboard oem's use IIS for their web sites. They tend to be incredibly slow, go down all the time, and often render poorly (or not at all) on anything other then IE.

    All signs of poor admins.
    • by GeRM_007 (627791) on Saturday April 07, 2007 @08:30PM (#18651411)
      I was on their site last weekend, looking for a new BIOS and drivers. Their support web server was completely down. I called up to complain, and their tech support told me that they are aware of it, and have been having problems with it for a couple weeks now as they are changing their infrastructure. A couple weeks!!! Even their tech support couldn't access it, or even tell me what the BIOS version number was. This compromise is probably a result of an incorrectly configured server, which is a result of incompetent admins. All this results in them losing me as a customer. Good riddance Asus.
      • by Excelcia (906188) <kfitzner@excelcia.ca> on Saturday April 07, 2007 @09:36PM (#18651751) Homepage Journal
        How dare their web site go down when I need a driver? How dare anyone ever have a problem they don't know how to solve in sufficient time to deal with my selfish and entitled demands? Their tech support exists (solely, I might add) to tell me the bios version I need. So bye bye Asus, I consign you to the ash heap of history while I move along to a company that forces its developers to blog for me, whose support staff reads my every web site comment (including the ones on third party sites), and that spends every last dollar it has on server infrastucture. Of course, I don't particularly care that this company will be out of business in no time, because there are a constant influx of new companies who are willing to lose money for a year and fold.

        And to top it all off... BAH HUMBUG!
        • To be fair, he shouldn't have to wait three weeks to get a stupid tech support question answered or download a driver. They should have some kind of backup plans in place (or make a new one up, with a three week window, there's even time for that) in the event that the website is going to be down for that long. Especially if they know it's going to be down for that long.

          Three weeks is a long time for a total tech support blackout.
        • by pipingguy (566974) *
          Not trying to be an asshole or anything, but DARPA invented the net so that there would be no un-recoverable points of failure.

          Learn how to do stuff without having to rely on computers.
        • Re: (Score:3, Insightful)

          For the longest time, I loved my Asus notebook (A7Vc). Heavy fucker, but great. 1.86GHz Pentium M (It's 18 months old), 2GB RAM, 1440x900, ATI Mobility Radeon x700, integrated HDTV. Lots of nice stuff.

          But it hasn't seen a driver update from Asus in coming up on a year. Not a single Vista driver? For a notebook that was one of your top-of-the-line models (yeah, yeah, I know time moves fast)? When there are HUNDREDS of posts on your forums about the integrated webcam breaking EVERY video input software under

        • Re: (Score:3, Informative)

          by Flendon (857337)
          Asus is known for their site being down for days at a time, having horrendous javascript, and often breaking in firefox. They are also known for having an unresponsive customer service. The most common answer you get is "look at our forums", yet their own forums indicate the problem is known and unresolved. To pick just one issue I've had with them as an example, due to their buggy firmware my DVD+-RW was recognized as a CD-R for over a year before they finally fixed it, with hundreds of people claiming the
      • by svallarian (43156)
        remember when companies would just have an FTP site (sorted by product model) that you could get in and download the drivers you needed?

        Progress, I tell ya, progress.

        • by Ilgaz (86384)

          remember when companies would just have an FTP site (sorted by product model) that you could get in and download the drivers you needed?

          Progress, I tell ya, progress.
          I bet IE horrible FTP support was one of the reasons. Remember how pathetic IE 4 handled FTP protocol mounting FTP servers to desktop creating totally confused users?

          In fact OS X Safari made same error and recent webkits show they moved back to Netscape style FTP browsing.
      • by jez9999 (618189)
        Asus have a support department??

        - Disgruntled Asus customer
    • by Anonymous Coward
      Yes, the admins are to blame. Even as Windows administrators, they should be advocating the use of Solaris, Linux, AiX, HP-UX, FreeBSD, Mac OS X, or some other non-Windows system. Why is that? Because those are secure, reliable, efficient, high-quality operating systems. If the admins don't advocate the use of such systems, and instead suggest Windows, then they are not performing their job correctly. They should be relieved of their duties.

      But we can't blame just the admins. We also have to blame the netwo
      • by sumdumass (711423)
        lol. just because windows ships less secure then any of the others OSes doesn't mean that have to stay that way. I have some very secure windows systems that have been running trouble and update free for quite a while now (two years for one).

        Now I'm just as much an open source fan as anyone here. A linux box probably would have been a better system to use the a windows one. But there is no technical reason that windows couldn't be used in this way and be just as secure overall.
    • "and often render poorly (or not at all) on anything other then IE"

      Because that has a whole lot to do with the admins, or the webserver they run...
    • At least it's IIS 6, according to NetCraft.
    • by dillee1 (741792)
      Besides from the shortcomings you have just mentioned, many of these chinese/taiwanese sites are infested with flash. Some put a flash page right as front page with no escape link. Some even have the whole site completely flashified and offers no html alternative.

      I browse these sites to look for new product or support, not wasting my bandwidth watching stupid animation. Usually I exit right the way when seeing a site like this. I can't trust anyone's product if they can't even get their website right.
    • by Ilgaz (86384)

      Most of the motherboard oem's use IIS for their web sites. They tend to be incredibly slow, go down all the time, and often render poorly (or not at all) on anything other then IE.

      All signs of poor admins.

      I have always wondered if it has something to do with "being nice to Microsoft".

      You know, if Microsoft wants to mess with your Intel or AMD motherboard they sure can. After your sales dip, they would happily release a patch saying "apologies".

      One of those poor admins killed my motherboard by putting wrong BIOS update back in the day. That is the same company "invented" a true safe (dual chip) BIOS a bit later. That made me bitterly smile when I heard.

  • by chromozone (847904) on Saturday April 07, 2007 @08:23PM (#18651383)
    Many people who like Asus products know the Asus website is awful. No problem on that site would come as any surprise to anyone who goes there for updates or information. I'm glad it's no big deal this specific problem but that is still one dodgey site that needs TLC quite desperately.
    • by madclicker (827757) on Saturday April 07, 2007 @08:48PM (#18651471)
      I second that. They use M$ ftp servers with download speeds of 7MB per second. They have an issue since 2000 and never been able to fix their website. What a shame for a company that deals with technology. The funny thing is on their download site they have four locations like: Global, USA, China, Europe, Japan, but all are coming of the same subnet. Morons.
    • by jandrese (485)
      Yeah, their website is atrocious and they don't seem to care. That's unfortunately not uncommon among motherboard manufacturers.
      • by Fred_A (10934)
        That's actually how you can tell you've got the right website and not some kind of domain squatter's scam that was quickly setup on a Linux/Apache server on the Azus.com (or whatever misspelled motherboard maker) domain. I personally find it to be a convenient feature.
  • Advice (Score:4, Interesting)

    by MindStalker (22827) <mindstalker.gmail@com> on Saturday April 07, 2007 @08:26PM (#18651401) Journal
    Ok, friday I reinstalled a Asus laptop. While applying updates I was downloading asus drivers. Should I be concerned that I visited their site without a fully patched system? I hate to do it all over again? Any suggestions in how I can tell if I was infected.
    • Re: (Score:2, Funny)

      by lavid (1020121)
      Isn't "installing a laptop" just plugging in the power supply / battery?
    • Re: (Score:1, Informative)

      by Anonymous Coward
      "The script at the time we looked at it was obfuscated and leads to a VBscript"

      so only IE users need to worry.
    • Re: (Score:1, Troll)

      by miscz (888242)

      Why should you be worried? Oh, you might be using Windows... then yes. But then again you should be worried the moment you plug in the ethernet cable. BTW, it's safe to turn off Security Center service, just memorize "your computer might not be safe", SC sometimes is wrong and says you're OK.

      Yup, it's a troll, but I just can't resist having fun at expense of Windows users :)

    • Re: (Score:1, Funny)

      by Anonymous Coward
      Did you check the digital signatures of the drivers that you downloaded?
    • Re: (Score:3, Informative)

      by Plutonite (999141)
      If you visited their website using IE then yes (and insert a lot of jeering here for using IE) be very concerned. Firefox is immune because it's the IE rendering engine that is exploited.

      That said, your file explorer on windows also uses the said engine, so any files you download are a threat as soon as you browse to their location. If you have put these files somewhere you know of, try using the windows shell to move them into a directory you don't like to go to very often. Then wait until spyware/anti-vir
  • by postbigbang (761081) on Saturday April 07, 2007 @08:50PM (#18651483)
    The Kapersky source material is poorly written. Dig was used to compare DNS servers, but the actual problem was a round-robin home page with outreaching code with little presents inside. At first glance, it sounded like a DNS exploit but it's not-- it's a good old fashion page re-write. DNS has nothing to do with it.
  • by I)_MaLaClYpSe_(I (447961) on Saturday April 07, 2007 @09:41PM (#18651801)
    From isc.sans.org [sans.org]:

    UPDATE #2: That second javascript referred in the vbscript above didn't decode, it seems it's just not encoded right, but when decoding the string with a plain base64 routine, it does decode to what leads to an ANI exploit. You never know what a buggy script and a buggy browser do together.
  • I'm running Linux right now. If I go to the ASUS site and view the hacked iframe or whatever, will it be like Yoda fighting whathisname where he absorbs the Force Lightning and throws it back at his opponent?

    It'll be like: .ANI: Woah, wtf is this shit!
    Linux: I ownz you d00d! .ANI: AHHHH!

    ASUS.com gets knocked off-line.

    That'd be righteous. Or I could lay off the rum.
    • by guruevi (827432)
      Have you ever used the ASUS website? Any of their websites (the US, the European or the Taiwanese one) is always down, or slowed down to a crawl. It's nigh impossible to get anything (let alone information or drivers) from there. I used to surf around for minutes searching other sites to download their shite and their page was still coming in at 1k/s and they seem to have a 3MB large page.

      So yeah, it's already off-line, slashdotting it is not going to help a lot.
  • Have you actually tried to use their servers?

    They are so unbelievably slow and unresponsive you have to use the .tw version.

    I don't remember always having those problems, but in the last few years it seems they have not grown to meet the demand.

    I think this should guarantee safety for more then a few of us who gave up going back there.

    • They run Windows 2003. Just about says it all doesn't it?

      On the other hand, I recently following some live changing events I had to work with three different machines in getting them back up and working. A HP kayak early P3 generation, a self built asus P3 (both dual) and a g3.

      Can you guess from wich site I had the least problem getting info?

      Yeah the apple site was fast, and constantly telling me about OS-X while the actuall bloody machine ran 8.6, HP had retired much of the data leaving only ASUS to sti

  • by AndrewM1 (648443)
    I'm surprised that whomever managed to crack into ASUS's servers only inserted malevolent HTML. Imagine the utter destruction they could have caused if they had *enhanced* the firmware downloads with some sort of (probably boot-sector) virus, or simply modified them to destroy the motherboard... *Shudder*

    Why wouldn't they? Are the file images stored separately or otherwise better protected?
    • by Durzel (137902)
      No money in it, for starters.

      The people involved in doing things like this are more than likely part of groups who seek to make money by "selling" comprimised hosts to the various other nefarious computing industries like spammers, etc.

      Not to mention of course that modifying binary code, especially BIOS firmware, etc to do the sort of thing you suggest and still actually function is very difficult indeed. Chances are the people who altered the Asus site could've easily used script-kiddy proof-of-concept ex
    • by m50d (797211)
      Imagine the utter destruction they could have caused if they had *enhanced* the firmware downloads with some sort of (probably boot-sector) virus, or simply modified them to destroy the motherboard... *Shudder*


      Why wouldn't they?

      There's no money in utter destruction. They want the infected machines alive and well and sending out spam - and doing that from the bios code is too much effort.

  • I needed to reinstall windows on a box so I went to the Asus website to see if it felt like working today. It was slow as hell as usual but when I finally got to the page for my mobo the links to where the drivers were actually hosted were completely broken. I tired again the next day and still the same thing. I was kinda pissed because I've bought a lot of Asus mobo's as well as several Asus video cards and their website has always sucked but now it's totally non functional. I know all the stuff I need
    • You bought a cutrate product and expect firstrate support.

      Mmm, do you have any idea how much tech support costs? Do you have any idea for that matter just how little margin there is on products like this?

      They just don't want to do personal tech support because it eats away their profits like you won't believe.

      Oh, and if you know your device, you can easily find it on their site and then find all the drivers you need.

      It is slow as hell, to be sure but you cannot fault them for you not being able to find

      • by brouski (827510)
        That's interesting. I've always seen Asus as a high-end performance enthusiast mainboard manufacturer.
      • by EkimAW (1085527)
        It was the first time I've ever called customer service for any piece of computer hardware (besides a few hdd's, which died within warranty). I don't really want human customer service... I'm totally capable of taking care of myself and finding the drivers elsewhere, which I did as I said. I just think they should fix the support section of their website or take it off-line so customers know they don't offer that kind of service (which they basically don't). It's annoying to hunt down the drivers. You d
    • by lintux (125434)
      Do you also have an Asus keyboard?

      Does it have an Enter key? ;-)
  • I read another commenter talk about how Chinese hackers (given away by the characters) overlapped his entire companies web browsers with iframes and used clever java to capture every keystroke and input, could this be somewhat related? Sorry, didn't RTFA

To thine own self be true. (If not that, at least make some money.)

Working...