Asus.com Compromised With Exploit Code 117
Juha-Matti Laurio writes in with news that the Web site of ASUSTeK Computer (asus.com) has been compromised to spread exploit code. The original report from Kaspersky Lab claimed that the compromise led to code exploiting the recently patched Microsoft Windows Animated Cursor (.ANI) 0-day vulnerability, but sans.org found no evidence of this. Apparently a malicious iframe was added to one of the machines in asus.com's DNS round-robin.
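The summary says the iframe was injected on only one machine in the DNS round-robin, which is exactly the case where "I loaded the site and it looked fine" proves nothing. The script below is an added example, not code from the submission, Kaspersky, SANS or Asus: it resolves every A record of a hostname, fetches the same path from each address with the real Host header, and reports which copy differs from the majority and which iframes point off-site or are sized to be invisible. The three responses in SAMPLE, the hostnames in them and the IP addresses are constructed for the offline demonstration.

```python
"""Spot a single poisoned member of a DNS round-robin.

Added example, not code from the original post or from Asus/Kaspersky/SANS.
It assumes a page that every A record of a hostname should serve identically
and flags hosts whose copy carries an iframe pointing off-site or sized to be
invisible. SAMPLE below is constructed for illustration.
"""
import http.client
import socket
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeCollector(HTMLParser):
    """Collect every <iframe> start tag with its attributes."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def is_hidden(attrs):
    """Zero-sized or CSS-hidden frames are the classic drive-by pattern."""
    style = attrs.get("style", "").replace(" ", "").lower()
    return (
        attrs.get("width", "").strip() in ("0", "0px")
        or attrs.get("height", "").strip() in ("0", "0px")
        or "display:none" in style
        or "visibility:hidden" in style
    )


def suspicious_iframes(html, site_domain):
    """Return src values of iframes that are off-site or hidden."""
    parser = IframeCollector()
    parser.feed(html)
    hits = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        offsite = bool(host) and host != site_domain and not host.endswith("." + site_domain)
        if offsite or is_hidden(attrs):
            hits.append(src)
    return hits


def compare_round_robin(responses, site_domain):
    """responses: {ip: html}. Report per IP whether the body is an outlier
    and which iframes in it look injected."""
    majority, _ = Counter(responses.values()).most_common(1)[0]
    return {
        ip: {
            "differs_from_majority": html != majority,
            "suspicious_iframes": suspicious_iframes(html, site_domain),
        }
        for ip, html in responses.items()
    }


def fetch_from_every_a_record(hostname, path="/", timeout=10):
    """Network helper (not used by the offline sample): GET the same path from
    each A record directly, sending the real Host header so name-based
    virtual hosting still picks the right site."""
    ips = sorted({ai[4][0] for ai in socket.getaddrinfo(hostname, 80, socket.AF_INET, socket.SOCK_STREAM)})
    out = {}
    for ip in ips:
        conn = http.client.HTTPConnection(ip, 80, timeout=timeout)
        conn.request("GET", path, headers={"Host": hostname})
        out[ip] = conn.getresponse().read().decode("utf-8", "replace")
        conn.close()
    return out


# Constructed sample: three round-robin members, one carrying an injected hidden iframe.
CLEAN = "<html><body><h1>Products</h1><iframe src='http://forum.example.com/news'></iframe></body></html>"
POISONED = CLEAN.replace("</body>", "<iframe src='http://drive-by.example/x.html' width=0 height=0></iframe></body>")
SAMPLE = {"192.0.2.10": CLEAN, "192.0.2.11": CLEAN, "192.0.2.12": POISONED}

if __name__ == "__main__":
    for ip, result in compare_round_robin(SAMPLE, "example.com").items():
        print(ip, result)
```

The majority vote only works when most members are clean; with a two-host round-robin compare both copies by hand. Same-site iframes are deliberately allowed, so an attacker who injects an iframe pointing at a path on the compromised host itself is caught only by the body diff, not by the iframe heuristic.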
Re: (Score:1)
Re:DNS needs improvement... (Score:5, Informative)
You DO know that www. is just another subdomain, right? The only reason it's special is because most/all websites mirror <hostname> onto www.<hostname>. But it doesn't HAVE to be like that. Slashdot doesn't do it like that, for instance.
It doesn't matter if the DNS entry has www. on it or not, the address is still owned by the same person and will get directed to a machine they specified (or nowhere).
Re: (Score:2)
That does not matter in this case.
The GP is insinuating that one can "always" go to the 2nd level domain instead of its "www" sub-domain and get to the website. I merely pointed out that in many configurations (especially large, multi-lingual sites) that is not true. If you alias the virtual sites you still haven't avoided the problem because only one of those can be aliased to "mydomain.com" (which in case of such large sites usually goes to the "World-wide" site which then asks you to select your country a
Re: (Score:2)
First, "www" is (usually) a hostname in a (sub)domain, not a subdomain itself.
Second, you are correct, it is technically possible that "http://www.example.com" and "http://example.com" serve different content. Clueful folks don't set things up that way.
Third, if "http://example.com" responds to HTTP GETs, it DOES usually serve the same content as "http://www.example.com", so you'r
Re: (Score:2)
Sigh.
That's all I am going to say to that rant. You figure it out.
Re: (Score:2)
Third, if "http://example.com" responds to HTTP GETs,
So let's give that a try then, eh?
Now...did I figure that out ok
Re: (Score:2)
You are such a phony.
164.109.25.194 responds to telnet on 80 but it does not serve any web pages (which is clearly visible from your own "rebuttal" where you are bailing out with the telnet escape sequence after it timed out on you). Show the complete HTTP sequence. Or even get an HTTP error 400 to your request like you got with the actual honda site.
207.130.95.62 persistently times out even connecting, which you made su
Re: (Score:2)
You are such a phony.
Oh? How so?
164.109.25.194 responds to telnet on 80 but it does not serve any web pages (which is clearly visible from your own "rebuttal" where you are bailing out with the telnet escape sequence after it timed out on you).
Pretty much my exact point.
I told you that 2LD name resolutions that reply to HTTP GETs usually reply with the same content as the "www" host in the 2LD, IF they respond to HTTP GETs at all.
Your example failed the "if" clause and my test indicated that. You confirmed it by duplicating my test and results. Thanks!
Show the complete HTTP sequence. Or even get an HTTP error 400 to your request like you got with the actual honda site.
I showed the complete input and output of the only test connections I tried.
207.130.95.62 persistently times out even connecting, which you made sure to avoid showing
Again, I showed you everything from my tests. What rhetorical advantage would I gain from hiding anothe
Re: (Score:2)
You are comically delusional.
The entire point of my original post was to contradict a dude who was claiming that "example.com" and "www.example.com" are always synonymous.
Following which I gave examples why they are, in many cases, not.
Then you roll in spewing spittle all over about how horribly wrong I am, moaning and bitching incoherently about third level domains being always host names and HTTP redirect requests.
So I show you a rather prominent site which does precisely what I was claiming.
Then you
Re: (Score:2)
I said you were wrong.
Then you tried to defend your position, but instead provided an example of a case I explicitly covered already.
So I pointed that out to you, using sound technical methodology.
Then you repeated my own point back to me, claiming it as your own.
Then I pointed that out to you, using exact and contextually relevant quotes from our previous exchanges.
Finally, the last threads of sanity left you flailing crazily at me, rather than at any point that I've made.
Here's the salient facts:
1) U
Re: (Score:2)
Which I was not, since clearly there are major domains where "domain.com" and "www.domain.com" are not one and the same.
Since my position was only that such sites do exist, existence of even one example is sufficient. You did not "cover" anything since your rambling had nothing to do whatsoever with my point. And still does not.
Re: (Score:2)
Also, if you'd stop trying to get your snark on long enough to read my posts properly, you would see that we disagree about some fine points in a fairly large swath of agreement.
Which I was not, since clearly there are major domains where "domain.com" and "www.domain.com" are not one and the same.
On this we simply disagree to the degree of commonality. That's it. You say "many", and I
Re: (Score:3, Insightful)
Most sites are configured to accept either the www.domain, or just the domain. Slashdot is not one of them.
Re: (Score:2)
s/in case/in ANY case/g
Don't drink and
Re: (Score:2)
Or because "slash-slash-slash-dot-dot-org" is more amusing/confusing than the www-prefixed alternative.
Re: (Score:1)
Re: (Score:2)
Pain in the ass.
Re: www as subdomain, Huh? (Score:1)
Re:DNS needs improvement... (Score:4, Interesting)
The one that always annoyed me was Promise. That is, when I was still using their hardware.
http://promise.com/ [promise.com] goes to a blank index page.
http://www.promise.com/ [promise.com] goes to their real content page.
Re:DNS needs improvement... (Score:4, Funny)
Re: (Score:1)
Then why don't they put an HTTP redirect on the server which hosts "promise.com"? They already have a web server there, after all.
I reckon it's that empty promise thing. Very deep.
Re: (Score:1)
Further evidence that ... (Score:5, Interesting)
Windows is unfit for business uses. (Score:2, Insightful)
I can think of one reason why a company would go with Windows-based systems: ignorance. This includes ignorance on the part of the network designers and administrators, who do not stand up and demand to use Solaris, Linux, HP-UX, AIX, F
Re: (Score:3, Interesting)
Re: (Score:2)
Convincing your CEO or CIO to switch to FOSS (even if they would dearly love to) is like convincing a hard core gamer to drop Microsoft. They will do it the day WoW or Everquest runs flawlessly under Linux.
Re: (Score:2, Insightful)
This is one of the problems I've seen repeatedly with CIOs who have been brought up drinking the Microsoft Kool-Aid. They've never bothered to question the 'one size fits all' sales pitches.
Re: (Score:2, Funny)
I suspect the actual plan was to infect all the people mis-typing "anus.com"
P*S
What's your issue? (Score:2)
Re:I heard rumors (Score:5, Informative)
It's spyware from an ad service. It's like those "Your computer is infected" ads on a Yahoo page.
The real carrier of the evil is dropspam.com, which pretends to be a spam filtering service. I fired up VMware and installed upgrade.exe out of morbid curiosity. The results are here:
Msg: 26529 of 26688 4/6/2007 6:57:44 AM Recs: 26 Sentiment: Not Disclosed
By: Boyle M. Owl
Posted as a reply to msg 26470 by sco_source_scam
Re: IV advertising malware? Dropspam.com
The tiny program is a downloader and installer. I have run it inside of VMware, the only way to run Windows...
It may be legitimate, but read on, and grok the implications of the license....
3. Licensee's Covenants
(a) The Licensee has read all information pertaining to the operation of the Software and expressly agrees that the Licensor shall be permitted to make any modifications, alterations and re-configurations to the Licensee's computer hardware and software including its email inbox and outbox as required for the normal operation of the Software, including but not limited to the re-routing of emails to the Licensor's server for the purposes of screening emails for spam and viruses and attaching a brief message promoting the Software to all out-going emails of the Licensee.
The licensor can kindly stay the fuck out of my computer, tyvm.
(b) The Licensee further agrees that the Licensor shall be permitted to send emails (Authentication Emails) on behalf of the Licensee to those email addresses which have been stored in the Licensee's computer or which appear as senders in incoming emails, for the purposes of authenticating these email addresses and providing the recipients with an opportunity to update the Licensor with additional authentic email addresses.
"We're going to examine your drive for email addresses, and then we're going to spam the shit out of your friends."
(c) If the Licensee wishes to delete or remove the Software for any reason, such deletion or removal must be carried out using either the program or software removal tool inherent in the Licensee's computer operating system including the Add/Remove tool provided by Microsoft® Windows, or such other similar program or software provided by the Licensor, which will be available to the Licensee through the Licensor's website. The Licensee acknowledges that if the deletion or removal of the Software is carried out by any other manner or by using any program or software other than those described above, the Licensee's email software or system may not be restored fully and/or may fail to start up and function properly, and as a result the Licensee may not be able to receive or send emails.
"Yeah, ya see, our program so severely fucks your system that if you try to remove us with something that might work, we'll break your smtp and pop3 server pointers."
As I wrote this, several other popups came up and want me to install shit. Ahahahah, I'm going to install all this and then I'm going to run a friend's malware scanner to see what it really does.
Ghod...this is what being a windows user is like?! I have forgotten!
--
BMO
Msg: 26531 of 26688 4/6/2007 7:18:35 AM Recs: 25 Sentiment: Not Disclosed
By: Boyle M. Owl
Posted as a reply to msg 26529 by Boyle M. Owl
Re: IV advertising malware? Dropspam.com
I do this shit so you don't have to...
Up until I installed upgrade.exe, the system was pristine except for an installation of OpenOffice and Opera....
BTW, this is just a _part_ of the log that goes on forever...
Checking system programs...
Checking Windows directory contents...
c:\windows\appupdate.exe: Version info not found (Suspicious)
c:\windows\ewwsetup.exe:
Re: (Score:3, Insightful)
You should put the virtual disk under version control.
Re: (Score:2, Informative)
VMware does that. To clean the virtual machine, you can pick any of the older images. I was asked if I tried uninstalling using the spyware company uninstaller and I said no. I picked the April 1 image out of a perverted sense of humor.
--
BMO
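The scanner log above and the snapshot-rollback trick in the reply are the two halves of the same procedure: keep a known-clean image, run the installer, then find out what it left behind. The script below is an added example, not code from the thread or from any of the scanners mentioned in it. It records (size, sha256) for every file under a directory, diffs that against a second pass, and lists everything new, removed or changed, calling out executables by extension. The baseline and post-install trees in demo() are constructed in a temporary directory; point take_snapshot() at a mounted virtual disk or a real Windows directory to use it for real.

```python
"""Diff a clean baseline of a directory tree against a post-install snapshot.

Added example, not code from the thread. It does in a script what the scanner
log and the VMware snapshot comparison do by hand: record (path, size, sha256)
for every file, then report what appeared, vanished or changed. demo() builds
both trees in a temp directory; the file names and contents are constructed.
"""
import hashlib
import os
import tempfile

# Extensions worth a second look when they show up or change (assumed list).
EXEC_SUFFIXES = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")


def take_snapshot(root):
    """Map relative path -> (size, sha256) for every regular file under root."""
    snap = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if not os.path.isfile(full):
                continue
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 16), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snap[rel] = (os.path.getsize(full), digest.hexdigest())
    return snap


def diff_snapshots(before, after):
    """Compare two snapshots and separate out executables that are new or altered."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    changed = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    executables = [p for p in added + changed if p.lower().endswith(EXEC_SUFFIXES)]
    return {
        "added": added,
        "removed": removed,
        "changed": changed,
        "new_or_changed_executables": executables,
    }


def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Constructed scenario: a small tree, then an 'upgrade' that drops two
    executables into windows/ and rewrites the hosts file."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "windows/notepad.exe", b"MZ original notepad")
        _write(root, "windows/system32/drivers/etc/hosts", b"127.0.0.1 localhost\n")
        before = take_snapshot(root)

        _write(root, "windows/appupdate.exe", b"MZ downloader")
        _write(root, "windows/ewwsetup.exe", b"MZ installer")
        _write(root, "windows/system32/drivers/etc/hosts",
               b"127.0.0.1 localhost\n192.0.2.55 update.example\n")
        after = take_snapshot(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Hash the baseline before the installer runs, not after a reboot into the possibly infected image, and keep the baseline file outside the VM: a dropper that edits the manifest you compare against defeats the whole exercise. Files that merely changed timestamps are ignored on purpose; only size or content differences count.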
Re:I heard rumors (insight please) (Score:2)
Quickly?
There must be a tool that does this..
Re: (Score:2)
Not saying that bmo was necessarily using VMWare Server, of course.
Re: (Score:1)
jpeg or png? (Score:4, Insightful)
TFA:
Then:
So is next3.png the real exploit and are they using "jpeg" to mean an image file? Or is there a jpeg file involved here?
Re: (Score:1)
It attempts to read a file (of whatever name) and uses the parser which appears to fit.
You can store jpeg data inside a file called *.png and vice versa.
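The reply above is the right instinct: the name a file is served under says nothing about which parser ends up handling it, so the only reliable question is "what do the first bytes say?". The script below is an added example, not code from the thread, Kaspersky or SANS. It identifies PNG, JPEG, GIF and RIFF-based animated cursors (.ANI) from their leading bytes, reports when that disagrees with the extension, and for an ANI file walks the RIFF chunk list so an anih chunk that does not declare the 36-byte ANIHEADER size is reported as malformed. The sample files are built in memory by build_ani() and are constructed; "next3.png" is used as the file name only because the thread asks about it.

```python
"""Identify an image-looking file by its bytes rather than its name.

Added example, not code from the thread. Classifies PNG/JPEG/GIF/ANI by magic
bytes, flags extension/content mismatches, and sanity-checks the anih chunks of
an ANI file. Sample bytes are constructed by build_ani().
"""
import struct

PNG_SIG = b"\x89PNG\r\n\x1a\n"
ANIHEADER_SIZE = 36  # sizeof(ANIHEADER): nine 32-bit fields
EXPECTED_EXT = {"png": {"png"}, "jpeg": {"jpg", "jpeg", "jpe"}, "gif": {"gif"}, "ani": {"ani"}}


def sniff(data):
    """Return the container type implied by the leading bytes."""
    if data.startswith(PNG_SIG):
        return "png"
    if data[:3] == b"\xff\xd8\xff":
        return "jpeg"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "gif"
    if data[:4] == b"RIFF" and data[8:12] == b"ACON":
        return "ani"
    if data[:4] == b"RIFF":
        return "riff"
    return "unknown"


def riff_chunks(data):
    """Yield (fourcc, declared_size, payload_offset) for every chunk in a RIFF
    file, descending into LIST chunks. Sizes are taken from the file as
    declared; the walk stops at the end of the buffer whatever they claim."""
    def walk(start, end):
        pos = start
        while pos + 8 <= end:
            fourcc = data[pos:pos + 4]
            size = struct.unpack_from("<I", data, pos + 4)[0]
            body = pos + 8
            yield (fourcc, size, body)
            if fourcc == b"LIST":
                # first 4 payload bytes are the list type tag, then nested chunks
                yield from walk(body + 4, min(body + size, end))
            pos = body + size + (size & 1)  # chunks are padded to even length
    yield from walk(12, len(data))


def check_ani(data):
    """Findings for an ANI file: an anih chunk whose declared size is not 36
    is not a well-formed ANIHEADER and deserves a closer look."""
    findings = []
    for fourcc, size, _ in riff_chunks(data):
        if fourcc == b"anih" and size != ANIHEADER_SIZE:
            findings.append(f"anih chunk declares {size} bytes, expected {ANIHEADER_SIZE}")
    return findings


def classify(filename, data):
    """Combine sniffing, extension check and ANI structure check."""
    kind = sniff(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return {
        "detected": kind,
        "extension_mismatch": kind in EXPECTED_EXT and ext not in EXPECTED_EXT[kind],
        "findings": check_ani(data) if kind == "ani" else [],
    }


def build_ani(anih_size):
    """Constructed minimal ANI: RIFF/ACON with a single anih chunk of the given size."""
    anih = b"anih" + struct.pack("<I", anih_size) + b"\x00" * anih_size
    body = b"ACON" + anih
    return b"RIFF" + struct.pack("<I", len(body)) + body


if __name__ == "__main__":
    print(classify("next3.png", build_ani(36)))
    print(classify("next3.png", build_ani(100)))
```

Sniffing by magic bytes is how the consuming parser decides too, so this check tells you what a client would actually have done with the file, which is the question the thread is asking. It says nothing about the second-stage payload the file might carry; it only separates "image" from "cursor wearing an image's name".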
not the least bit surprised (Score:2, Informative)
All signs of poor admins.
Re:not the least bit surprised (Score:4, Informative)
I'm shocked... SHOCKED! (Score:5, Insightful)
And to top it all off... BAH HUMBUG!
Re: (Score:2)
Three weeks is a long time for a total tech support blackout.
Re: (Score:2)
Learn how to do stuff without having to rely on computers.
Re: (Score:3, Insightful)
But it hasn't seen a driver update from Asus in coming up on a year. Not a single Vista driver? For a notebook that was one of your top-of-the-line models (yeah, yeah, I know time moves fast)? When there are HUNDREDS of posts on your forums about the integrated webcam breaking EVERY video input software under
Re: (Score:3, Informative)
FTP (Score:2)
Progress, I tell ya, progress.
Re: (Score:1)
Progress, I tell ya, progress.
In fact OS X Safari made the same error and recent WebKits show they moved back to Netscape-style FTP browsing.
Re: (Score:2)
- Disgruntled Asus customer
It's not just the admins. (Score:1, Funny)
But we can't blame just the admins. We also have to blame the netwo
Re: (Score:2)
Now I'm just as much an open source fan as anyone here. A Linux box probably would have been a better system to use than a Windows one. But there is no technical reason that Windows couldn't be used in this way and be just as secure overall.
Re: (Score:2)
Because that has a whole lot to do with the admins, or the webserver they run...
Re: (Score:2)
Re: (Score:1)
I browse these sites to look for new product or support, not wasting my bandwidth watching stupid animation. Usually I exit right away when seeing a site like this. I can't trust anyone's product if they can't even get their website right.
Re: (Score:2)
Most of the motherboard OEMs use IIS for their web sites. They tend to be incredibly slow, go down all the time, and often render poorly (or not at all) on anything other than IE.
All signs of poor admins.
I have always wondered if it has something to do with "being nice to Microsoft".
You know, if Microsoft wants to mess with your Intel or AMD motherboard they sure can. After your sales dip, they would happily release a patch saying "apologies".
One of those poor admins killed my motherboard by putting the wrong BIOS update up back in the day. That is the same company that "invented" a true safe (dual chip) BIOS a bit later. That made me bitterly smile when I heard.
Asus Site Is Always A Mess Anyway (Score:3, Insightful)
Re:Asus Site Is Always A Mess Anyway (Score:5, Informative)
Re: (Score:2)
Advice (Score:4, Interesting)
Re: (Score:2, Funny)
Re: (Score:1, Informative)
so only IE users need to worry.
Re: (Score:1, Troll)
Why should you be worried? Oh, you might be using Windows... then yes. But then again you should be worried the moment you plug in the ethernet cable. BTW, it's safe to turn off Security Center service, just memorize "your computer might not be safe", SC sometimes is wrong and says you're OK.
Yup, it's a troll, but I just can't resist having fun at expense of Windows users :)
Re: (Score:1, Funny)
Re: (Score:3, Informative)
That said, your file explorer on windows also uses the said engine, so any files you download are a threat as soon as you browse to their location. If you have put these files somewhere you know of, try using the windows shell to move them into a directory you don't like to go to very often. Then wait until spyware/anti-vir
Re:Just assume you're infected. (Score:4, Insightful)
On the other hand, the troll is pretty much wrong about everything else, including "Furthermore, if you use WINE you can run virtually all of your existing Windows applications and games." I have been trying to get windows-based games to run for quite some time, and with the exception of a few favored games (WoW) and some old ones that were really simple, not much works at all, let alone with hours of tweaks. (Actually, I don't even own WoW, so I could be wrong about how well it works as well.)
Re: (Score:2)
Morrowind runs, but has no music because wine refuses to play the mp3 soundtrack. Playable, though, I admit, once you use a no-cd patch.
And there's my biggest complaint: You HAVE to use a crack on most games to even get them to start up. There's b
Re: (Score:2)
It's not a DNS error-- it's a html page error (Score:3, Informative)
SANS DID find evidence of an ANI exploit: (Score:4, Informative)
Use the force? (Score:1)
It'll be like:
Linux: I ownz you d00d!
ASUS.com gets knocked off-line.
That'd be righteous. Or I could lay off the rum.
Re: (Score:2)
So yeah, it's already off-line, slashdotting it is not going to help a lot.
Don't worry! (Score:2)
They are so unbelievably slow and unresponsive you have to use the
I don't remember always having those problems, but in the last few years it seems they have not grown to meet the demand.
I think this should guarantee safety for more than a few of us who gave up going back there.
Have you netcrafted them? (Score:2)
They run Windows 2003. Just about says it all doesn't it?
On the other hand, recently, following some life-changing events, I had to work with three different machines in getting them back up and working: an HP Kayak early P3 generation, a self-built Asus P3 (both dual) and a G3.
Can you guess from which site I had the least problem getting info?
Yeah, the Apple site was fast, and constantly telling me about OS-X while the actual bloody machine ran 8.6, HP had retired much of the data leaving only ASUS to sti
Only website affected? (Score:2, Interesting)
Why wouldn't they? Are the file images stored separately or otherwise better protected?
Re: (Score:2)
The people involved in doing things like this are more than likely part of groups who seek to make money by "selling" compromised hosts to the various other nefarious computing industries like spammers, etc.
Not to mention of course that modifying binary code, especially BIOS firmware, etc to do the sort of thing you suggest and still actually function is very difficult indeed. Chances are the people who altered the Asus site could've easily used script-kiddy proof-of-concept ex
Re: (Score:1)
Why wouldn't they?
There's no money in utter destruction. They want the infected machines alive and well and sending out spam - and doing that from the bios code is too much effort.
My experience with Asus (Score:1)
So let me summarize (Score:2)
You bought a cut-rate product and expect first-rate support.
Mmm, do you have any idea how much tech support costs? Do you have any idea for that matter just how little margin there is on products like this?
They just don't want to do personal tech support because it eats away their profits like you won't believe.
Oh, and if you know your device, you can easily find it on their site and then find all the drivers you need.
It is slow as hell, to be sure but you cannot fault them for you not being able to find
Re: (Score:1)
Re: (Score:2)
Does it have an Enter key?
The iframe issue (Score:1)