Asus issued a fix to thwart malware that is distributed through tool its updates


Has been reported a few days ago about how the Pirates of the label to countless computers Asus through the distribution of tool mined for updates from the company’s servers. These Pirates signing tool Asus Live Update Tool digitally with a certificate signed code of your company before being sent to the servers to Download Asus where they were hosting the tool mined for several months in the year 2018. Having said that, it has confirmed the Asus today that it has launched a reform counteracts malware that is distributed using this tool.

Use the Pirates secret that they birth in the tool Asus Live Update Tool to send malware to user computers through the server are managed and controlled remotely. It is believed that the hackers were able to access the signing certificates code your company through the supply chain.

Said Asus today that it has launched the update to thwart this attack, the news event that he thought the researchers gung that targeted more than a million users of computers Asus. The company said that ” a small number of devices ” is the planting of malware using this attack.

The company also said that they put ” mechanisms to achieve multiple security ” to ensure that something like this would happen in the future. It has also started to use ” a mechanism to encrypt enhancer ” for this purpose improvements were made to the systems that operate its servers to thwart similar attacks in the future. One has to wonder why you didn’t do the Asus all this since the beginning.

In case you haven’t heard about the certification of digital signature or what is known as ” Code Signing Certificates“, it is used by developers of software applications and prove that the file that the user uploaded the original and has not been breached. This is particularly important for publishers who distribute their software through download sites of third parties, which may not be achieved. Will the operating systems of large users an error message if it is not the signature of the program digitally while trying to install it reveal that it is not digitally signed by the trusted website.

Provides the code signature, digital authentication that confirms to the customer that the file they downloaded is the publisher whose name appears on the certificate. In addition, this also proves that the file has not been tampered with or compromised since it was digitally signed.

Leave a Reply

Your email address will not be published. Required fields are marked *