Disabling the 'backdoor' seems to just involve disabling SSH.
Maybe. My guess is that these are essentially Linux systems, so if attackers know that their exploits are widely known, they will likely try to figure out ways to install kernel-mod rootkits.
It'll then end up in a situation like the Windows XP/Vista days, where IT desktop support staff would run malware removal tools to get rid of porn pop-ups on desktops, only to have "reinfections" pop up a day or a week or two later.
They'd blame users for this, but really they just never actually removed the command and control botnet features. They just addressed their payloads. The machines were never actually fixed in the first place.
This sort of thing is why there is such an emphasis on TPM and trusted boot on modern PCs.
IIRC ASUS router firmware is based on an old fork of Tomato, which is a Linux based router OS.
Fun fact: Supermicro motherboards do this by default too if you don't connect anything to their dedicated BMC network port: https://www.supermicro.com/manuals/other/IPMI_Users_Guide.pd...
Very effective.
That's when I decided to switch to Mikrotik routers and Ubiquiti for APs, and I have had no regrets about that decision other than the relatively steep learning curve.
ctippett•1d ago
Darknet Diaries aired an episode back in 2017[1] that discusses the widespread vulnerabilities of ASUS routers. This latest development comes as no surprise.
[1] https://darknetdiaries.com/episode/5/
pixl97•1d ago
Another example: https://github.com/advisories/GHSA-x6hq-v32r-w2qr
Tepix•1d ago