Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Intel

Malware Exploiting Spectre, Meltdown CPU Flaws Emerges (securityweek.com) 84

wiredmikey quotes SecurityWeek: Researchers have discovered more than 130 malware samples designed to exploit the recently disclosed Spectre and Meltdown CPU vulnerabilities. While a majority of the samples appear to be in the testing phase, we could soon start seeing attacks... On Wednesday, antivirus testing firm AV-TEST told SecurityWeek that it has obtained 139 samples from various sources, including researchers, testers and antivirus companies... Fortinet, which also analyzed many of the samples, confirmed that a majority of them were based on available proof of concept code. Andreas Marx, CEO of AV-TEST, believes different groups are working on the PoC exploits to determine if they can be used for some purpose. "Most likely, malicious purposes at some point," he said.
This discussion has been archived. No new comments can be posted.

Malware Exploiting Spectre, Meltdown CPU Flaws Emerges

Comments Filter:
  • by klingens ( 147173 ) on Sunday February 04, 2018 @11:58AM (#56066215)

    If a researcher, tester, AV company sends some PoC code opening calc.exe, then this is not malware! To be malware, some code has to be actually malicious, doing evil things like encrypting harddisks for ransom, sending spam, mining coins, etc.. Simply trying out a bug in existing software to get a better understanding or to write AV detection routines is not malware!

    Except maybe code from AV companies. That is probably always malware, no matter the intent or what it actually does

    • by Dwedit ( 232252 )

      Isn't there this thing called Metasploit, where exploits get added in there, then malware just uses whatever exploits it wants to?

      • There is such a thing called Metasploit, but no it isn't an automated tool it is mainly for testing and manually pentesting stuff. You can however take exploits from it and combine them into your program, but if you wanted to add the entire tool it would be gigabytes large and would definitely be easily detected by people, not just AV software. The goal in malware, especially self spreading malware is to keep your executable as small as possible while still having all of the functionality you need.

        • by Dwedit ( 232252 )

          There is precedent for huge malware, look at Stuxnet.

          • Not nearing the size you're suggesting. Even with all of the functionality that some malicious files have, they're still only megabytes large at most.

    • by Baron_Yam ( 643147 ) on Sunday February 04, 2018 @12:16PM (#56066313)

      >If a researcher, tester, AV company sends some PoC code opening calc.exe, then this is not malware!

      If a researcher, tester, AV company sends some PoC code opening calc.exe, then you can reasonably assume that malicious code based on the same exploit already exists and is probably further along.

      • by geek ( 5680 ) on Sunday February 04, 2018 @01:03PM (#56066549)

        >If a researcher, tester, AV company sends some PoC code opening calc.exe, then this is not malware!

        If a researcher, tester, AV company sends some PoC code opening calc.exe, then you can reasonably assume that malicious code based on the same exploit already exists and is probably further along.

        I'm working on my OSCE and I can confirm this. The code is out there, people are using it. To what degree of success is the real question. I've heard people say they were very successful but they could be bloviating.

      • by kackle ( 910159 )
        First of all, it depends upon one's definition: Is 'malware emerges' the vector, or the damaging payload (or both)? Secondly, and I am ignorant to the mechanism, can such exploits include an .EXE or do they require it already be on the machine somewhere?
    • by Anonymous Coward on Sunday February 04, 2018 @12:18PM (#56066319)

      The time from proof of concept to full blown malicious code in the wild is measured in days. I'm happy for you that you have such a comforting false sense of security, but others of us know better.

    • So an exploit that affects virtually all the Intel processor out there in addition to some AMD ones as well as models of IBM and ARM processors shouldn't be taken seriously? It is an exploit that can be executed from JavaScript therefore from a web browser. How is that fear mongering by an AV vendor? Patch your systems and malware won't affect it.
      • But mah clocks!! You are right, this should be patched immediately and correctly, but some vendors don't think you should be secure by default. They feel you should have to already know that their products are insecure and let you choose to make it secure or not.

      • by mea2214 ( 935585 )

        Patch your systems and malware won't affect it.

        Not that simple. AFAIK you need to update your BIOS. MS had to release a patch to roll back a buggy patch over this in Windows. Even with your system "patched" you won't know it's secure unless you can test it. There should be a PoC web site with a javascript exploit that will dump the contents of your kernel. I don't know of any as of yet. I prefer to take my chances and not patch anything right now until they get the patches bug free and have a way we can reliably test them. Based upon my use case

      • by Anonymous Coward

        It is an exploit that can be executed from JavaScript

        LOL, sure it can...

        I've asked numerous people to show me a live demo of JavaScript using the Meltdown and Spectre "exploits" and none have ever responded. I just get directed to the questionable whitepaper, which isn't what I asked for and proves nothing.

        So prove it or shut up.

        • You know this thing called Google exists right? It took me literally 2 seconds to do a search. This was the first result [react-etc.net] So we're you not just wrong but also so lazy you couldn't spend 2 seconds to do a search?
    • Comment removed based on user account deletion
  • Well duh. (Score:4, Insightful)

    by Anonymous Coward on Sunday February 04, 2018 @11:59AM (#56066219)

    Did you really expect this massive, gaping security hole, that got a metric fuckton of media coverage, to go unexploited?

  • Comment removed based on user account deletion
  • Well now well see just how good my AV is..I didn't patch im on win 7 ultimate upgrade from Vista full. It would be a HUGE PITA to recover lol but i refuse to go win 10. im not paying for an OS that forces ads on me or controls what i choose to install on MY hardware..you get the point...
    • Well now well see just how good my AV is..I didn't patch im on win 7 ultimate upgrade from Vista full. It would be a HUGE PITA to recover lol but i refuse to go win 10. im not paying for an OS that forces ads on me or controls what i choose to install on MY hardware..you get the point...

      You should consider upgrading to Linux!

      • by HiThere ( 15173 )

        While I agree with your sentiments, that doesn't address *this* problem. This is a hardware (well, at least microcode) problem, and all OSes are vulnerable.

  • by eclectro ( 227083 ) on Sunday February 04, 2018 @02:27PM (#56066965)

    Get all passwords and documents you care about off the pc so there is nothing for spectre to read. The spectre attacks are not detectable so antivirus programs likely will not detect them. Running a secure Linux rather than Windows still might be the best hope, but not for attacks taking place through the browser. Perhaps have an "empty" machine with just a browser for internet connectivity and browsing/surfing.

    • by abies ( 607076 )

      Perhaps have an "empty" machine with just a browser for internet connectivity and browsing/surfing.

      You mean unimportant surfing like accessing bank account, bitcoin wallet and whatever?
      If these things are accessible to hackers, I don't know if I care that much if they are able to read my 3 years old Witcher 3 savegames. Or opensource code I'll upload to github next day anyway.

      For 99.99% of the people, only things they really need to protect are things they do on the internet. Having secure, internet-less machine is not very useful for most of us.

    • by ZosX ( 517789 )

      From what I understand the current spectre attacks would take code to run locally for them to exploit it.

No spitting on the Bus! Thank you, The Mgt.

Working...