Asus and the Shadow Hammer Malware Attack
On the upside, your computer is probably not at risk. Shadow Hammer only affects Asus laptops and not many at that. Researchers at Kaspersky Lab estimated that around a half a million laptops received the tainted update as an orchestrated attack running from, “June 2018 to November 2018 undetected until now,” according to Miriam Cihodariu of Heimdal Security. With the news of the virus being announced on March 20th, Asus and Kaspersky had already begun working on ways to deal with the virus since Kaspersky alerted Asus to its existence on January 31st, 2019. Kaspersky analyzed over 200 samples of the infected update to determine the nature of the virus and whom it may affect. The hackers hard-coded a list of 600 MAC addresses. Every device that can connect to a network through cable or wireless will have a Media Access Control (MAC) address and they’re all unique. Having hard-coded a small list of MAC addresses suggests that the attack had predefined targets.
Check if Your System is Affected
So, as far as having your laptop left open to these hackers, it’s highly unlikely that you’re part of the unlucky 600. If you’re still concerned, you can download ASUS’ Shadow Hammer diagnostic tool and check your own computer. If you need a second opinion, download Kaspersky’s Shadow Hammer detection tool. Both tools will compare the MAC addresses on your laptop to the list of 600 MACs extracted by Kaspersky. Asus has already put a fix in place in the latest version of its Live Update software (ver. 3.6.8). If you have an Asus computer that received the bad update, you’ve probably already received Asus’ fix. But if you’re not sure, you can download the safe version of Live Update from Asus. This version will close the backdoor — if you even have it. Take note that this was a concerted attack that infiltrated the 5th largest computer maker in the world and they managed to infect an official update. A company of this size and nature should have security on par with the greatest nations in the world. This is an early warning sign of the level of attacks that independent and state-sponsored hackers are able to make.