Page 1 of 2 1 2 LastLast
Results 1 to 10 of 12
  1. #1
    ROG Junior Member Array
    Join Date
    Mar 2018
    Reputation
    10
    Posts
    4

    Exclamation -- Our EOL Asus routers now made the expanded list of Russian maleware attack!!! --

    Looks like our new Asus routers now made the expanded list of Russian maleware attack. Question is, what is Asus and Trend Micro going to do about it?

    The title of the Ars Technica article today is: "VPNFilter malware infecting 500,000 devices is worse than we thought"

    https://arstechnica.com/information-...filter-malware... (link is external)

    Here are some excerpts from the article:

    "Malware tied to Russia can attack connected computers and downgrade HTTPS."

    " Two weeks ago, officials in the private and public sectors warned that hackers working for the Russian government infected more than 500,000 consumer-grade routers in 54 countries with malware (link is external) that could be used for a range of nefarious purposes. Now, researchers from Cisco’s Talos security team say additional analysis shows that the malware is more powerful than originally thought and runs on a much broader base of models, many from previously unaffected manufacturers."

    " The most notable new capabilities found in VPNFilter, as the malware is known, come in a newly discovered module that performs an active man-in-the-middle attack (link is external) on incoming Web traffic. Attackers can use this ssler module to inject malicious payloads into traffic as it passes through an infected router. The payloads can be tailored to exploit specific devices connected to the infected network. Pronounced “essler,” the module can also be used to surreptitiously modify content delivered by websites. "

    "All your network traffic belongs to us"

    “Initially when we saw this we thought it was primarily made for offensive capabilities like routing attacks around the Internet,” Craig Williams, a senior technology leader and global outreach manager at Talos, told Ars. “But it appears [attackers] have completely evolved past that, and now not only does it allow them to do that, but they can manipulate everything going through the compromised device. They can modify your bank account balance so that it looks normal while at the same time they’re siphoning off money and potentially PGP keys and things like that. They can manipulate everything going in and out of the device.”

    "There is no easy way to know if a router is infected. One method involves searching through logs for indicators of compromise listed at the end of Cisco's report. Another involves reverse engineering the firmware, or at least extracting it from a device, and comparing it with the authorized firmware. Both of those things are out of the abilities of most router owners. That's why it makes sense for people to simply assume a router may be infected and disinfect it. Researchers still don't know how routers initially become infected with stage 1, but they presume it's by exploiting known flaws for which patches are probably available."

    "Steps to fully disinfect devices vary from model to model. In some cases, pressing a recessed button on the back to perform a factory reset will wipe stage 1 clean. In other cases, owners must reboot the device and then immediately install the latest available authorized firmware from the manufacturer. Router owners who are unsure how to respond should contact their manufacturer, or, if the device is more than a few years old, buy a new one."

    - End article excerpts

    Read the Ars Technica article linked above to see if the expanded list includes your brand of router

    That article actually has a lot more useful information and describes a lot more in depth about what is going on with our personal routers and how they are being attacked by Russia and other state sponsored governments. Once your routers are infected, you may not even know it and all of your passwords to your bank accounts and other sensitive personal information and can be intercepted and stolen without you even knowing it. As the article even said, money could even be being siphoned off out of your bank accounts and you may remain unaware.

    Ball is in your court Asus. What are you and Trend Micro going to do about this to help protect us ASUS router users/customers?
    Last edited by BluePhoenix; 06-06-2018 at 04:33 PM.

  2. #2
    ROG Guru: Yellow Belt Array Sprayingmango PC Specs
    Sprayingmango PC Specs
    Laptop (Model)Late 2017 MacBook Pro 15"
    MotherboardRampage VI Extreme X299
    Processori9 7900X
    Memory (part number)G-Skill Trident Z RGB 3600 32GB
    Graphics Card #1EVGA 2080Ti XC Ultra
    Graphics Card #2EVGA 2080Ti XC Ultra
    MonitorTriple Asus PG27UQ G-Sync
    Storage #1Samsung 970 Evo 2TB NVME
    Storage #2Samsung 970 Evo 1TB NVME
    CPU CoolerCorsair H150i Pro RGB
    CaseCorsair 1000D
    Power SupplyCorsair AX1600i
    Keyboard Logitech G910
    Mouse Logitech G Pro Lightspeed
    Headset No...just no. Sennheiser HD650s w/ Schitt Stack
    Mouse Pad Logitech PowerPlay
    Headset/Speakers Denon 7.2 Atmos w/ Polk Signature Series
    OS Win10 Pro 1809
    Network RouterAsus Rog Rapture GT-5300

    Join Date
    Mar 2013
    Reputation
    10
    Posts
    180

    Ummmm no....no it has not. There is not a single Asus ROG router on that list. You are completely wrong.

  3. #3
    Administrator Array MasterC@ASUS's Avatar
    Join Date
    Aug 2014
    Reputation
    96
    Posts
    1,492

    Generally, the ROG forum isn't meant for discussions regarding ASUS routers. However, while we are on this topic, the ROG Rapture is not vulnerable and there is no reason for concern.

    Most of the ASUS models mentioned above have been EOL (end of life) for a while now (can't understand why they are all labelled as 'new'), and we have no reports of any gaming routers being affected.

    VPNFilter is malware, and as such, it requires a 2-step process:
    1. Infect device.
    2. Establish connection with C&C (control and command) server, await for further instructions from person/people responsible.

    ASUS releases patches consistently in order to prevent step 1, while AiProtection blocks step 2.
    TrendMicro has already verified that the C&C servers for VPNFilter are in the AiProtection signature (Step 2 is secure).

    If anyone is still concerned about security, here are a few suggestions:
    1. Always update your router firmware.
    2. Enable AiProtection.
    3 Use more complex passwords for your router login and Wi-Fi.
    4. Avoid public Wi-Fi hotspots whenever possible, and use VPN if necessary.
    Last edited by MasterC@ASUS; 06-07-2018 at 06:41 AM.

  4. #4
    ROG Junior Member Array
    Join Date
    Mar 2018
    Reputation
    10
    Posts
    4

    Thanks for the tips.

    I did not know ROG routers from Asus where immune. I currently own an Asus 3100 router. I am not sure if it is a ROG router or if my router is also end of life but I do know that the routers firmware is updated. AI protection is enabled along with all the suggestions it makes. The Asus user interface on this router makes seeing and enabling all that important stuff a breeze. Even for beginner to novice users. I am not using a default password. I dont use wi-fi hotspots and I dont know how I would use VPN. I know VPNs are more secure though.

    I know Asus used to have a general forum but when typing in "Asus forum" in Google, the only results that show up are the "ROG forum" and the "Zen Talk forum". I dont know if Asus took their general forum offline or what. Even scrolling in a few pages on Google, this looks to be the case (just ROG forum and third party forums discussing Asus products).

    Ive posted on the general Asus forum before but not for a bit so maybe they took the forum down. Thought this was as good as place as any in the meantime to post since the attack now does involve some Asus routers. Looks like its a nasty cyber attack by another developed country against the US and other developed countries. An attack that looks to be evolving. An attack that may become sophisticated enough to involve all Asus routers in time if the responsible parties continued to evolve it or if they want to develop something different.
    Last edited by BluePhoenix; 06-07-2018 at 10:13 PM.

  5. #5
    ROG Guru: Yellow Belt Array Sprayingmango PC Specs
    Sprayingmango PC Specs
    Laptop (Model)Late 2017 MacBook Pro 15"
    MotherboardRampage VI Extreme X299
    Processori9 7900X
    Memory (part number)G-Skill Trident Z RGB 3600 32GB
    Graphics Card #1EVGA 2080Ti XC Ultra
    Graphics Card #2EVGA 2080Ti XC Ultra
    MonitorTriple Asus PG27UQ G-Sync
    Storage #1Samsung 970 Evo 2TB NVME
    Storage #2Samsung 970 Evo 1TB NVME
    CPU CoolerCorsair H150i Pro RGB
    CaseCorsair 1000D
    Power SupplyCorsair AX1600i
    Keyboard Logitech G910
    Mouse Logitech G Pro Lightspeed
    Headset No...just no. Sennheiser HD650s w/ Schitt Stack
    Mouse Pad Logitech PowerPlay
    Headset/Speakers Denon 7.2 Atmos w/ Polk Signature Series
    OS Win10 Pro 1809
    Network RouterAsus Rog Rapture GT-5300

    Join Date
    Mar 2013
    Reputation
    10
    Posts
    180

    Quote Originally Posted by BluePhoenix View Post
    Thanks for the tips.

    I did not know ROG routers from Asus where immune. I currently own an Asus 3100 router. I am not sure if it is a ROG router or if my router is also end of life but I do know that the routers firmware is updated. AI protection is enabled along with all the suggestions it makes. The Asus user interface on this router makes seeing and enabling all that important stuff a breeze. Even for beginner to novice users. I am not using a default password. I dont use wi-fi hotspots and I dont know how I would use VPN. I know VPNs are more secure though.

    I know Asus used to have a general forum but when typing in "Asus forum" in Google, the only results that show up are the "ROG forum" and the "Zen Talk forum". I dont know if Asus took their general forum offline or what. Even scrolling in a few pages on Google, this looks to be the case (just ROG forum and third party forums discussing Asus products).

    Ive posted on the general Asus forum before but not for a bit so maybe they took the forum down. Thought this was as good as place as any in the meantime to post since the attack now does involve some Asus routers. Looks like its a nasty cyber attack by another developed country against the US and other developed countries. An attack that looks to be evolving. An attack that may become sophisticated enough to involve all Asus routers in time if the responsible parties continued to evolve it or if they want to develop something different.
    Your post is ridiculous, you knew exactly what you were doing. Stop....just stop. Sensationalist bull****.

  6. #6
    ROG Junior Member Array
    Join Date
    Mar 2018
    Reputation
    10
    Posts
    4

    Quote Originally Posted by Sprayingmango View Post
    Your post is ridiculous, you knew exactly what you were doing. Stop....just stop. Sensationalist bull****.
    Yeah dude, you are me so you know exactly what I am doing. Do you fortune tell as a side job or is it your main one? If it is I suggest finding another line of work.

    I posted on this forum because one, I wanted to and to, two, because two I am concerned once I saw the list of Asus routers added to the list, and three because I dont know what happend to Asus' regular forum. But, you already knew that since you are a mind reader and a fortune teller............

    Do me a favor and the next time you feel like being an ass and you dont like a thread, dont comment.

  7. #7
    ROG Enthusiast Array Browni PC Specs
    Browni PC Specs
    MotherboardPrime X370-Pro
    ProcessorRyzen 7 1800X
    Graphics Card #1ROG-STRIX-RX580-T8G-GAMING
    Storage #1Samsung 960 M.2 NVMe 250GB
    Storage #2Samsung EVO 850 SSD 1TB
    Power SupplyCorsair RM650i
    Mouse ROG Spatha
    Headset/Speakers Logitech Z533
    Network RouterDSL-AC88U

    Join Date
    Mar 2017
    Reputation
    10
    Posts
    38

    MasterC@ASUS & BluePhoenix, the reason the routers are showing as 'new' is because they weren't included in the original list of affected routers, nothing to do with their age.

    Regarding support for routers, the VIP forums have been closed down.

    Where do we go for support? The closed forums now link to the ROG forums as can be seen here https://rog.asus.com/forum/showthrea...ge3#post723082
    Last edited by Browni; 06-09-2018 at 11:45 PM.

  8. #8
    untouched Array Praz's Avatar
    Join Date
    Apr 2011
    Reputation
    137
    Posts
    4,038

    Quote Originally Posted by BluePhoenix View Post
    Yeah dude, you are me so you know exactly what I am doing. Do you fortune tell as a side job or is it your main one? If it is I suggest finding another line of work.

    I posted on this forum because one, I wanted to and to, two, because two I am concerned once I saw the list of Asus routers added to the list, and three because I dont know what happend to Asus' regular forum. But, you already knew that since you are a mind reader and a fortune teller............

    Do me a favor and the next time you feel like being an ass and you dont like a thread, dont comment.
    I previously edited the thread title to more accurately reflect the subject of this thread. Regarding "Asus' regular forum" the VIP forum was stickly a user-to-user forum. It never had direct support from ASUS employees.

  9. #9
    Administrator Array MasterC@ASUS's Avatar
    Join Date
    Aug 2014
    Reputation
    96
    Posts
    1,492

    Quote Originally Posted by Browni View Post
    MasterC@ASUS & BluePhoenix, the reason the routers are showing as 'new' is because they weren't included in the original list of affected routers, nothing to do with their age.

    Regarding support for routers, the VIP forums have been closed down.

    Where do we go for support? The closed forums now link to the ROG forums as can be seen here https://rog.asus.com/forum/showthrea...ge3#post723082
    The ASUS support team will be a better option for any further questions you may have. To contact support for ASUS networking products, please call 1-812-282-2787 (US - toll free)). Or email the ASUS support team at: networking_support@asus.com

    Numbers for other regions: https://www.asus.com/support/CallUs#

    To help provide ROG forum members a better place to discuss and find answers easier, this section was created specifically for ROG routers.

    Thank you.
    Last edited by MasterC@ASUS; 06-15-2018 at 03:41 AM.

  10. #10
    ROG Enthusiast Array Browni PC Specs
    Browni PC Specs
    MotherboardPrime X370-Pro
    ProcessorRyzen 7 1800X
    Graphics Card #1ROG-STRIX-RX580-T8G-GAMING
    Storage #1Samsung 960 M.2 NVMe 250GB
    Storage #2Samsung EVO 850 SSD 1TB
    Power SupplyCorsair RM650i
    Mouse ROG Spatha
    Headset/Speakers Logitech Z533
    Network RouterDSL-AC88U

    Join Date
    Mar 2017
    Reputation
    10
    Posts
    38

    Call an international phone number? You're having a giraffe.

    So long and thanks for the fish ASUS, you've lost me as a customer.


    Anybody fancy a DSL-AC88U that's currently synching at 220/35 on G.fast?

    It will end up on eBay soon.
    Last edited by Browni; 06-15-2018 at 02:50 AM.

Page 1 of 2 1 2 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •