Asus.com Compromised With Exploit Code

Juha-Matti Laurio writes in with news that the Web site of ASUSTeK Computer (asus.com) has been compromised to spread exploit code. The original report from Kaspersky Lab claimed that the compromise lead to code exploiting the recently patched Microsoft Windows Animated Cursor (.ANI) 0-day vulnerability, but sans.org found no evidence of this. Apparently a malicious iframe was added to one of the machines in asus.com's DNS round-robin.

jpeg or png?

[MichaelSmith]

TFA:

up to no good pointing to another obfuscated javascript and a executable cloaked as a jpg file

Then:

Name: next3.png

So is next3.png the real exploit and are they using "jpeg" to mean an image file? Or is there a jpeg file involved here?

Re:I heard rumors

[MichaelSmith]

Anyway, this has basically made the (virtual) computer useless and annoying.

You should put the virtual disk under version control.

Windows is unfit for business uses.

What this actually shows is that Windows is unfit for business uses. Even when using their top-end Windows Server products, it's obviously a very poor choice. Between the great expense, the low quality and the numerous security problems, there's no good reason to be using it.

I can think of one reason why a company would go with Windows-based systems: ignorance. This includes ignorance on the part of the network designers and administrators, who do not stand up and demand to use Solaris, Linux, HP-UX, AiX, FreeBSD, Mac OS X or some other system. This also includes ignorance on the part of the management team that is authorizing the purchase and use of such software.

Re:Windows is unfit for business uses.

[PPH]

What sort of Windows-speific app do you think Asus has to run on their web servers? All they are doing is distributing divers, technical specs and product literature. From the point of view of a Unix/Linux/Solaris system, these are just binaries and the web servers could care less about the contents.

This is one of the problems I've seen repeatedly with CIOs who have been brought up drinking the Microsoft Kool-Aide. They've never bothered to question the 'one size fits all' sales pitches.

Asus Site Is Always A Mess Anyway

[chromozone]

Many people who like Asus products know the Asus website is awful. No problem on that site would come as any surprise to anyone who goes there for updates or information. I'm glad it's no big deal this specific problem but that is still one dodgey site that needs TLC quite desperately.

Re:DNS needs improvment...

[nuintari]

This is a whole lot different than what most sites do. Notice how you type www.slashdot.org in, but end up at slashdot.org? Yeah, the line "HTTP/1.x 301 Moved Permanently" means they redirect you away from the www, probably because a lot of us think the www is stupid.

Most sites are configured to accept either the www.domain, or just the domain. Slashdot is not one of them.

Re:Just assume you're infected.

[Aladrin]

As much as I hate to agree with a troll, he's partially right. It's best to assume you have been infected. Even if all the current anti-spyware doesn't find it, that doesn't mean it won't pop up soon. We don't know enough about this malware to identify what it is and if you have been affected, apparently.

On the other hand, the troll is pretty much wrong about everything else, including "Furthermore, if you use WINE you can run virtually all of your existing Windows applications and games." I have been trying to get windows-based games to run for quite some time, and with the exception of a few favored games (WoW) and some old ones that were really simple, not much works at all, let alone with hours of tweaks. (Actually, I don't even own WoW, so I could be wrong about how well it works as well.)

I'm shocked... SHOCKED!

[Excelcia]

How dare their web site go down when I need a driver? How dare anyone ever have a problem they don't know how to solve in sufficient time to deal with my selfish and entitled demands? Their tech support exists (solely, I might add) to tell me the bios version I need. So bye bye Asus, I consign you to the ash heap of history while I move along to a company that forces its developers to blog for me, whose support staff reads my every web site comment (including the ones on third party sites), and that spends every last dollar it has on server infrastucture. Of course, I don't particularly care that this company will be out of business in no time, because there are a constant influx of new companies who are willing to lose money for a year and fold.

And to top it all off... BAH HUMBUG!

Re:I'm shocked... SHOCKED!

[Achromatic1978]

For the longest time, I loved my Asus notebook (A7Vc). Heavy fucker, but great. 1.86GHz Pentium M (It's 18 months old), 2GB RAM, 1440x900, ATI Mobility Radeon x700, integrated HDTV. Lots of nice stuff.

But it hasn't seen a driver update from Asus in coming up on a year. Not a single Vista driver? For a notebook that was one of your top-of-the-line models (yeah, yeah, I know time moves fast)? When there are HUNDREDS of posts on your forums about the integrated webcam breaking EVERY video input software under Vista, including but not limited to said webcam itself, HDTV tuner, Windows Media Player and Quicktime.

Fuck you, Asus. My employer gave me a Sony Vaio. It's nice. It's a lot newer, sure, but at least its manufacturer (for all their evils) have updated drivers in the LAST TEN MONTHS.