Today ASUS responded to reports of a recent attack on a set of ASUS notebook users by an APT-toting group through the company’s Live Update server. Apparently the malicious entity in question targeted the servers ASUS uses to send out Live Update software updates. Once they’d gotten past ASUS’ security, they sent out malicious code through said system. The good news is, it’s effectively fixed.
ASUS suggested today that there’s no major reason to fret, as they’ve taken care of the issue at hand. They’ve also suggested that the threat has been blocked, and that the threat was only targeting “a very small and specific user group.” That group does not likely include you, the SlashGear reader, right this minute.
That’s what they say, regardless of the possibility of a much larger attack – or much larger collection of potential computers affected. But maybe they know best – they’ve got the tools to know, right?
ASUS is apparently able to detect the users that’d been sent the malicious code. This would make sense if they’re able to see individual units to which their Live Update software is sent – but that’s not been revealed exactly. ASUS only said “ASUS customer service has been reaching out to affected users and providing assistance to ensure that the security risks are removed.”
Was I affected?
You probably weren’t amongst the few that were affected by this incident, but you can do a couple things if you think there’s a chance. ASUS encouraged users to make certain their Live Update software is all the way up-to-date, to version 3.6.8 or higher. You’ll want to head over to the ASUS step by step to see how you can check that your Live Update software is all the way up to date.