Asus.com Compromised With Exploit Code

Juha-Matti Laurio writes in with news that the Web site of ASUSTeK Computer (asus.com) has been compromised to spread exploit code. The original report from Kaspersky Lab claimed that the compromise lead to code exploiting the recently patched Microsoft Windows Animated Cursor (.ANI) 0-day vulnerability, but sans.org found no evidence of this. Apparently a malicious iframe was added to one of the machines in asus.com's DNS round-robin.

Further evidence that ...

[Aminion]

... you don't have to visit porn, warez or shady sites to get your computer infected with all sorts of nastiness; "trusted" sites will just do.

Advice

[MindStalker]

Ok, friday I reinstalled a Asus laptop. While applying updates I was downloading asus drivers. Should I be concerned that I visited their site without a fully patched system? I hate to do it all over again? Any suggestions in how I can tell if I was infected.

Re:DNS needs improvment...

[JWSmythe]

    The one that always annoyed me was Promise. That is, when I was still using their hardware. :)

    http://promise.com/ [promise.com] goes to a blank index page.

    http://www.promise.com/ [promise.com] goes to their real content page.

   

Only website affected?

[AndrewM1]

I'm surprised that whomever managed to crack into ASUS's servers only inserted malevolent HTML. Imagine the utter destruction they could have caused if they had *enhanced* the firmware downloads with some sort of (probably boot-sector) virus, or simply modified them to destroy the motherboard... *Shudder*

Why wouldn't they? Are the file images stored separately or otherwise better protected?

Comment removed

[account_deleted]

Comment removed based on user account deletion