Windows 10 News and info | Forum
Topic: Meltdown-Spectre: Malware is already being tested by attackers
« on: February 01, 2018, 05:42:56 PM »

German antivirus testing firm AV-Test has identified 139 samples of malware that seem to be early attempts at exploiting the Meltdown and Spectre CPU bugs.

"So far, the AV-Test Institute discovered 139 samples that appear to be related to recently reported CPU vulnerabilities. CVE-2017-5715, CVE-2017-5753, CVE-2017-5754," the company wrote on Twitter.

The company has posted SHA-256 hashes of several samples that a check on Google's VirusTotal indicates are being detected by some antivirus engines.

Since Google disclosed the Meltdown and Spectre attacks on January 3, operating system vendors, chip makers, and browser makers have released patches to mitigate the three types of speculative side-channel attacks.

Google's Chromium developers assessed that the attacks could impact browsers that support JavaScript and WebAssembly when executing external code from a website.

As Apple noted after issuing its patches, the Spectre attacks are extremely difficult to exploit, even if a malicious app is running locally on a macOS or iOS device. However, the attacks can be exploited in JavaScript running in the browser. A successful attack could expose passwords and other secrets.

AV-Test told SecurityWeek that it has found the first JavaScript proof-of-concept (PoC) attacks for web browsers. Most of the malware samples are versions of PoCs that have been published online.

The number of samples AV-Test has collected has steadily climbed since the first one was spotted on January 7. By January 21 it had over 100 samples, and as of the end of January the count was 139.

Bugs in Intel's microcode updates for the Spectre Variant 2 attack have caused the most problems on patched systems, prompting HP and Dell to pause and roll back their respective BIOS updates, while Microsoft this week issued a Windows update that disabled Intel's fix for Variant 2. Intel is working on microcode updates that don't cause higher reboots and potential data loss.

In all three cases where updates have been pulled, existing mitigations for Spectre Variant 1 and Meltdown Variant 3 have been left in place. The threat of JavaScript attacks against browsers stems from Variant 1.

AV-Test's CEO Andreas Marx told ZDNet each of the 139 samples uses only one of the three attacks. But while the files contain the "problematic program codes", Marx added he can't confirm that all of them successfully exploit the vulnerabilities.

"Due to the extremely high number of affected computers/systems and the complexity to 'fix' the Spectre-Meltdown vulnerabilities, I'm sure that the malware writers are just looking for the best ways to extract information from computers and especially browsers," he said.

As it is though, cybercriminals would probably find it easier and more profitable to use tools to build ransomware or a cryptocurrency miner.

He also offered a tip to minimize your risk of being hit by any more successful Spectre malware that may emerge.

"If you don't need your PC for more than an hour, switch it off. If you go for lunch or a break, close your browser. This should decrease your attack surface a lot and also save some energy," said Marx.
