ASUS may have unintentionally pushed malware to a portion of its PCs through its update feature, yet it, at any rate, has a fix prepared to go. The PC creator has discharged another rendition of its Live Update programming for laptops that tend to the ShadowHammer backdoor access assault. It also promised “multiple security verification mechanisms” to reduce the chances of further attacks, and started using an “enhanced end-to-end encryption mechanism.” There are upgrades to the behind-the-scenes server system to prevent future attacks, ASUS added.
The organization all the while repeating the restricted extent of ShadowHammer, noticing that the malware focused on a “very small and specific user group.” It’s believed to be an Advanced Persistent Threat — that is, a state-backed assault against organizations rather than everyday users. Other ASUS devices weren’t affected, according to a notice.
If you think you’ve been affected, then you should download the diagnostic tool Asus released here. This is a zip file – ASDT_v184.108.40.206 – containing a single 215 KB application. Running this will tell you if your device has been affected or not.
The company wrote, ““ASUS has also implemented a fix in the latest version (ver. 3.6.8) of the Live Update software, introduced multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means, and implemented an enhanced end-to-end encryption mechanism. At the same time, we have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future.”
While the fix is consoling, it additionally brings up issues with respect to why the frameworks weren’t secured before. Update instruments are ideal objectives for programmers correctly on the grounds that they’re both trusted and have profound access to the working framework – tight security is important to keep an intruder from commandeering the procedure.
Image via Kaspersky Lab