ASUS Live Update driver utility was hijacked to install malware on thousands of computers

Written about 1 year ago by IanDorfman

Computer and electronics manufacturer ASUS finds itself in a difficult position today following its confirmation of malware hijacking its Live Updater driver utility.

A report by Motherboard details how Kaspersky Lab discovered this malware coursing through Small ASUS Live Update iconASUS Live Update and the company's servers:

“We saw the updates come down from the Live Update ASUS server. They were trojanized, or malicious updates, and they were signed by ASUS."

ASUS today put out a press release confirming Motherboard's report. Alongside the admission, ASUS stated the following:

"ASUS has also implemented a fix in the latest version (ver. 3.6.8) of the Live Update software, introduced multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means, and implemented an enhanced end-to-end encryption mechanism. At the same time, we have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future. "

ASUS also created a diagnostics tool for users worried about being impacted. The tool can be downloaded from the following URL:
https://dlcdnets.asus.com/pub/ASUS/nb/Apps_for_Win10/ASUSDiagnosticTool/ASDT_v1.0.1.0.zip

Further coverage:
ASUS Press Release
Motherboard (1 | 2)
Tom's Hardware
Wired
ZDNet