Most hacks affect one computer at a time, and the hackers are thrilled with each new success. But imagine a hack that was so clever that it infected almost a million computers all at once. That is what happened to owners of ASUS desktop computers and laptops in a hack that was discovered a full 6 months after it began, which allowed many more computers to be violated.
But is a hack like this truly as difficult to detect as this story suggests? Maybe not. At around the same time that this hack was announced, and before the “signature” was included in new virus definitions, Digital Uppercut’s Business Protection Toolkit caught and immobilized this hack for one of our clients before it had the chance to do any damage.
Why The ASUS Computer MegaHack Is Different
Many viruses travel from computer to computer, usually via email. One person receives an email with a virus, which is opened on their computer. It executes and installs itself on that computer, and then gets to work sending out infected emails to that user’s contacts, which could be dozens, hundreds or thousands of people over a short amount of time. Some number of those recipients (those without solid security) also get infected, and the process repeats.
Other viruses can place infected files on websites, and then infect every visitor to that website. These viruses might also spread further via email, but the net result is the same.
What makes the ASUS Computer MegaHack different is that the cyber criminals breached the website that stores and serves up official updates to ASUS computers. They downloaded the ASUS software from the update servers, infected the files with malware and uploaded the files back to the ASUS server. So any time an ASUS computer running the Live Update tool asked the ASUS update server for software updates, it became infected.
ASUS installs their update software on every computer they sell, so this malware could have been downloaded to nearly a million computers.
Why This Hack Was So Hard To Detect
Malware authors are always improving their software to make it more damaging and harder to detect. One particularly clever tactic that these authors used was to digitally sign the files with the actual ASUS security certificate. So any antivirus or security techniques that check certificates to ensure authenticity would not have detected that these files were altered.
The certificate was certainly one of the reasons why it took 6 months before anyone noticed that the malware was being distributed by the ASUS servers. And since the files were thought to be legitimate, their “signatures” were not added to typical antivirus and malware detection tools.
Detecting Undetectable Malware
That is why standard antivirus software is insufficient for protecting most businesses. These programs depend on someone first discovering the virus, determining what it does, defining its “signature” (the part of the file that makes it unique) and then adding the signature to the antivirus definitions. Once added, the updated definitions need to be downloaded by users of the antivirus software. Only then can the virus be detected.
Days, weeks...or even 6 months can pass before this is done, and you can imagine how many computers might be infected in the meantime.
Digital Uppercut’s Business Protection Toolkit features more advanced technology that can identify and stop viruses, trojans, ransomware and other malware before they are ever discovered. Among other technologies, the Toolkit features behavior-based systems that don’t look at what the software is, but what the software does.
When software begins to install itself, or change files that don’t belong to it, or add content to emails, or turn encryption on or off, or any one of hundreds of different malware triggers, the Business Protection Toolkit stops the malware in its tracks.
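The difference between definition-based, certificate-based and behavior-based checks can be shown in a short Python sketch. This is an added example, not code from the Business Protection Toolkit or any other product; the publisher name, event format and rule names are assumptions, and all sample data is constructed.

```python
import hashlib

# All data below is constructed for illustration; nothing comes from the real incident.
KNOWN_BAD_HASHES = {hashlib.sha256(b"previously catalogued sample").hexdigest()}
TRUSTED_SIGNERS = {"Example Vendor Inc."}  # hypothetical publisher name

def signature_check(file_bytes):
    """Definition-based AV: flags only files whose hash is already catalogued."""
    return hashlib.sha256(file_bytes).hexdigest() in KNOWN_BAD_HASHES

def certificate_check(signer):
    """Flags only files that are not signed by a trusted publisher."""
    return signer not in TRUSTED_SIGNERS

# Behaviour rules modelled on the triggers listed above (assumed event schema).
BEHAVIOUR_RULES = {
    "writes outside own install directory": lambda e, p: (
        e["action"] == "file_write"
        and not e["target"].lower().startswith(p["install_dir"].lower())),
    "registers itself to run at startup": lambda e, p: e["action"] == "autorun_add",
    "modifies outgoing email": lambda e, p: e["action"] == "mail_modify",
    "changes encryption state": lambda e, p: e["action"] == "encryption_toggle",
}

def behaviour_check(process, events):
    """Return the sorted names of every rule tripped by the observed events."""
    return sorted({name for e in events
                   for name, rule in BEHAVIOUR_RULES.items() if rule(e, process)})

def evaluate(file_bytes, signer, process, events):
    """Run all three checks against one update and its runtime activity."""
    return {"signature_hit": signature_check(file_bytes),
            "certificate_hit": certificate_check(signer),
            "behaviour_hits": behaviour_check(process, events)}

# Constructed scenario: an altered update signed with the vendor's real certificate.
UPDATE = b"altered updater build (constructed bytes)"
PROCESS = {"name": "updater.exe",
           "install_dir": "C:\\Program Files\\ExampleVendor\\Updater\\"}
EVENTS = [
    {"action": "file_write",
     "target": "C:\\Program Files\\ExampleVendor\\Updater\\cache.tmp"},
    {"action": "file_write", "target": "C:\\Windows\\System32\\example.dll"},
    {"action": "autorun_add", "target": "startup entry (constructed)"},
]

if __name__ == "__main__":
    print(evaluate(UPDATE, "Example Vendor Inc.", PROCESS, EVENTS))
```

The hash and certificate checks both stay silent on the altered update, while the behavior rules flag the write outside the updater's own directory and the startup registration.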
And that is what happened with this ASUS Computer MegaHack. At around the same time that the software was first announced publicly, we discovered it on one of our clients’ computers. We were able to immobilize and remove the software without allowing it to cause any damage to the computer, the network, or the entire business.
Our Business Protection Toolkit has several different levels of protection that can protect you from zero-day attacks, file-less attacks, malicious users, phishing, failing hardware and much more.
How To Protect Your Business
Doesn’t your business deserve this type of protection? Your business is important to its owners, its employees, its vendors, and its clients, which means it deserves the highest levels of protection you can give it. Contact us online or call us today at 818-913-1335.