ASUStek's Web site hacked, serves up Malware for .ANI flaw

The Web site for computer parts manufacturer ASUStek Computer has been hacked and has been serving up attack code that exploits the recently patched .ANI Windows vulnerability. The exploit is hidden in an HTML element on the front page of ASUStek's Taiwanese Web site, which then attempts to download the code from another server. As of Friday afternoon, the server hosting the attack code was not operational, mitigating the risk of this attack, although attackers can always redirect their attacks to a live server. Based in Taipei, ASUStek makes computer accessories like motherboards, video cards, and CD-ROMs. Reliable exploit code that targets this flaw has been circulating for more than a week now. Roger Thompson, CTO with Exploit Prevention Labs, noted that the ASUStek hack shows how easy it is for even trusted Web sites to be compromised: "If a major company like ASUStek can get hacked and be infective, anyone can."

News source: InfoWorld

Report a problem with article
Previous Story

Russian Satellites To Challenge America's GPS Monopoly

Next Story

Paul Thurrott: Windows XP Service Pack 3 Not Coming

18 Comments

Commenting is disabled on this article.

dragon2611 said,
do you have an up to date antivirus installed, if so it should stop it

I don't use antivirus. I'll get NOD32 on and run a scan...

Update: turns out my pc was updated, and NOD32 didn't catch anything.

So as long as you didn't visit the Taiwanese site, you're cool? I used the North American site a couple of days before the patch was released.

So much for people who claim they are "safe" because they only browse "safe" sites. :P

Even ad content on "safe" sites can be tainted.

Ravensworth said,
I can never get their page to load anyway. They must be running Windows for Workgroups 3.11 on a 386.

Asus needs to work on their customer service in general. It's pretty sad for such a large corporation.

One would hope that this little boo-boo gets Asus to upgrade their servers... I think the squirrels powering their existing servers are near the death point. Please get faster servers!

ir0nw0lf said,
One would hope that this little boo-boo gets Asus to upgrade their servers... I think the squirrels powering their existing servers are near the death point. Please get faster servers!

And one would hope they make a decent website, too.

There website isn't THAT bad. At least let them fix (get new) their servers before they start trying to make a new layout. :P

"If a major company like ASUStek can get hacked and be infective, anyone can."

Major company, yes. But their websites are among the vilest things that ever set food online.
Slow as **** (if you are luckily enough to actually access a certain page) and annoying as **** with those pesky flashlets!