The Web site for computer parts manufacturer ASUStek Computer has been hacked and has been serving up attack code that exploits the recently patched .ANI Windows vulnerability. The exploit is hidden in an HTML element on the front page of ASUStek's Taiwanese Web site, which then attempts to download the code from another server. As of Friday afternoon, the server hosting the attack code was not operational, mitigating the risk of this attack, although attackers can always redirect their attacks to a live server. Based in Taipei, ASUStek makes computer accessories like motherboards, video cards, and CD-ROMs. Reliable exploit code that targets this flaw has been circulating for more than a week now. Roger Thompson, CTO with Exploit Prevention Labs, noted that the ASUStek hack shows how easy it is for even trusted Web sites to be compromised: "If a major company like ASUStek can get hacked and be infective, anyone can."
News source: InfoWorld
18 Comments - Add comment