Asus.com Compromised With Exploit Code
Juha-Matti Laurio writes in with news that the Web site of ASUSTeK Computer (asus.com) has been compromised to spread exploit code. The original report from Kaspersky Lab claimed that the compromise lead to code exploiting the recently patched Microsoft Windows Animated Cursor (.ANI) 0-day vulnerability, but sans.org found no evidence of this. Apparently a malicious iframe was added to one of the machines in asus.com's DNS round-robin.
... you don't have to visit porn, warez or shady sites to get your computer infected with all sorts of nastiness; "trusted" sites will just do.
Ok, friday I reinstalled a Asus laptop. While applying updates I was downloading asus drivers. Should I be concerned that I visited their site without a fully patched system? I hate to do it all over again? Any suggestions in how I can tell if I was infected.
The one that always annoyed me was Promise. That is, when I was still using their hardware.
http://promise.com/ goes to a blank index page.
http://www.promise.com/ goes to their real content page.
Serious? Seriousness is well above my pay grade.