Hackers compromised an ASUS server and used the company's software update tool to install a malicious backdoor on thousands of users' computers, according to Kaspersky Lab. The Moscow-based Kaspersky Lab discovered the incident late last year, and ASUS said that the compromise has since been stopped. ASUS's systems were pushing the backdoor to customers for five months before the attack was discovered.

According to the Lab's estimate, over 57,000 users of its products installed the backdoor, which was eventually distributed to 1 million Windows machines, even though the attackers seemed to have been targeting just 600 machines. The malware was designed to search for machines by their MAC address. Once on a system, the malware searched for the targeted systems and reached out to the command-and-control server controlled by the attackers, which then installed additional malware on those machines.

The trojanized utility was signed with a legitimate certificate and was hosted on the official ASUS server dedicated to updates, and that allowed it to stay undetected for a long time. The criminals even made sure the file size of the malicious utility stayed the same as that of the original one.
- Kaspersky Lab's blog post

18% of those affected by the attack were from Russia, while roughly 16% were from Germany, and another 12-14% were from France. "In principle, the distribution of victims should match the distribution of ASUS users around the world," said Kaspersky Lab.

Although precise attribution is not available at the moment, certain evidence we have collected links this attack to…
