Motherboard maker ASUStek's Web site hacked

The Web site for computer parts manufacturer ASUStek Computer has been hacked and has been serving up attack code that exploited a critical Windows vulnerability, patched earlier this week.

The exploit is hidden in an HTML element on the front page of ASUStek's Taiwanese Web site, which then attempts to download the code from another server, according to Roger Thompson, CTO with Exploit Prevention Labs.

As of Friday afternoon, the server that downloaded the attack code was not operational, mitigating the risk of this attack, although attackers could easily redirect their attacks to a live server, he said.

Based in Taipei, ASUStek makes computer accessories like motherboards, video cards, and CD-ROMs. ASUStek Marketing Manager David Ray could not confirm that the Taiwanese site had been hacked, but he said that the company's U.S. Web site did not appear to be compromised.

The malware is of particular concern because it exploits a critical flaw, patched just this past week, in the way Windows processes .ani animated cursor files.

Reliable exploit code that targets this flaw has been circulating for more than a week now, and users who visit the ASUStek Web site before installing the MS07-017 patch could have their PCs compromised.

Kaspersky Lab also confirmed that the ASUS site had been hacked, and it confirmed Web sites used by the attackers were not live on Friday, making it impossible for them to download the malicious code.

The hack was reported earlier in the week by Conrad Longmore on the Dynamoo.com Web site.

According to Thompson, the ASUStek hack shows how easy it is for even trusted Web sites to be compromised. "If a major company like ASUStek can get hacked and be infective, anyone can," he said.