Great way to wake up on Monday morning, especially if you own an ASUS machine.<\/span><\/p>\n
![](\"https:\/\/images.idgesg.net\/images\/article\/2017\/07\/kaspersky-logo-flag-resized-100730050-large.3x2.jpg\"\/){kind=logo}
<\/p>\n<\/p>\n
Credit to Author: Woody Leonhard| Date: Mon, 25 Mar 2019 09:28:00 -0700<\/strong><\/p>\n Great way to wake up on Monday morning, especially if you own an ASUS machine.<\/span><\/p>\n Kaspersky just <\/span>published a teaser<\/span><\/a> for a more thorough explanation to come in two weeks at the Kaspersky Security Analysts Summit in Singapore. It\u2019s quite an eye-opener.<\/span><\/p>\n Apparently somebody broke into the ASUS update servers, and swapped out a valid software\/firmware update with one of their own. The bogus update looked like the genuine thing, with a valid certificate, and its size matched the original\u2019s size. As a result, the bad update stayed on ASUS\u2019s servers \u201cfor a long time.\u201d<\/span><\/p>\n How bad is it? Kaspersky isn\u2019t handing out many details, but the teaser (which reads like a PR release) is quite compelling. Kaspersky calls it <\/span>Operation ShadowHammer<\/span><\/a><\/p>\n The goal of the attack was to surgically target an unknown pool of users, which were identified by their network adapters\u2019 MAC addresses. To achieve this, the attackers had hardcoded a list of MAC addresses in the trojanized samples and this list was used to identify the actual intended targets of this massive operation. <\/span><\/p>\n Kaspersky notified ASUS of the malware on Jan. 31.<\/span><\/p>\n According to our statistics, more than 57,000 users of Kaspersky Lab\u2019s products have installed the backdoored utility, but we estimate it was distributed to about 1 million people total. <\/span><\/p>\n Sounds bad enough, but there\u2019s yet another teaser on the tail end of the original teaser:<\/span><\/p>\n While investigating this attack, we found out that the same techniques were used against software from three other vendors. <\/span><\/p>\n Not a breath of which \u201cthree other vendors\u201d are involved.<\/span><\/p>\n Bottom line: Unless you have an ASUS machine with one of the 600 hard-coded network adapter MAC addresses, there\u2019s nothing to worry about. As for the three other vendors, who knows?<\/span><\/p>\n You can file this away in the same bucket with Spectre, Meltdown and other Glitter Glam malware. It\u2019s great theater, and sure to draw lots of attention, but in the end unless you\u2019re defending state secrets, nuclear launch codes or weighty bitcoin wallets, it doesn\u2019t mean much.<\/span><\/p>\n PR release – check<\/span> We\u2019re following the spectacle on <\/span><\/i>AskWoody<\/span><\/i><\/a>.<\/span><\/i><\/p>\n http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" Credit to Author: Woody Leonhard| Date: Mon, 25 Mar 2019 09:28:00 -0700<\/strong><\/p>\n Great way to wake up on Monday morning, especially if you own an ASUS machine.<\/span><\/p>\n
<\/span>Catchy name – check
<\/span>Commercial tie-in – check
<\/span>Custom logo – not yet<\/span><\/p>\n<\/p>\n