Slashdot Mirror
Malware Exploiting Spectre, Meltdown CPU Flaws Emerges (securityweek.com)
wiredmikey quotes SecurityWeek: Researchers have discovered more than 130 malware samples designed to exploit the recently disclosed Spectre and Meltdown CPU vulnerabilities. While a majority of the samples appear to be in the testing phase, we could soon start seeing attacks... On Wednesday, antivirus testing firm AV-TEST told SecurityWeek that it has obtained 139 samples from various sources, including researchers, testers and antivirus companies... Fortinet, which also analyzed many of the samples, confirmed that a majority of them were based on available proof of concept code. Andreas Marx, CEO of AV-TEST, believes different groups are working on the PoC exploits to determine if they can be used for some purpose. "Most likely, malicious purposes at some point," he said.
>If a researcher, tester, AV company sends some PoC code opening calc.exe, then this is not malware!
If a researcher, tester, AV company sends some PoC code opening calc.exe, then you can reasonably assume that malicious code based on the same exploit already exists and is probably further along.
I'm working on my OSCE and I can confirm this. The code is out there, people are using it. To what degree of success is the real question. I've heard people say they were very successful but they could be bloviating.
Spectre is harder to exploit you're correct. Meltdown however is way more dangerous and not hard at all to implement. Heres some PoC links for you to look through.
https://github.com/paboldin/me...
https://github.com/gkaindl/mel...
https://github.com/IAIK/meltdo...
https://github.com/RealJTG/Mel...
That was from a 5 second google search. I have only tested the top one myself but I know it works.
That was from a 5 second google search. I have only tested the top one myself but I know it works.
Thanks and sorry for having been so lazy myself. Anyway, I also looked at the first one and it seems to deliver (didn't run it, just read the docs and saw the video) pretty much the same than what I have seen in some other places: memory dumps (from in principle protected locations). This is kind of demonstrating what the bug is about, but not the real exploit I meant. What I meant with real exploit was an application which might actually be used to perform whatever potentially-dangerous action on my computer. Having access to protected memory isn't ideal, true; but how could all that be easily use to accomplish whatever goal? How could you convert those memory locations into ways to trick whatever software to behave against my intent? Having just a memory dump isn't too useful by itself.
Then, I took a look at the fourth one (with 482 stars!) which is a simple C file, with no instructions that, when executed, prints an a array of strings which might a song or something?! The readme says that it can read password from Chrome?! (by assuming that all the hidden fields are stored in the same way and in the same place in all the OSs, it might make sense but not in any other scenario. And why just Chrome?!). In any case, that code is just running the loop with the song, nothing else(!!).
Then, I looked at the second one which is also a C file but much more complex than the aforementioned sample. This time I cannot know immediately what it does, so I run it and it printed out something about it working and what seems memory locations. Again, no instructions no explanation and, at first sight, no idea how this is supposed to be reading passwords from anywhere. I think that I have now more doubts than before your post (thanks again, anyway)! If reading passwords from a browser is so easy why aren't they including a clear code/application with clear instructions? Or even worse: why all of them are saying that everything works fine, that it is very scary when their codes don't seem to be doing anything? Perhaps I am a bit tired now and am I missing something or what?
Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
Except AMD is far less vulnerable than Intel.
You know this thing called Google exists right? It took me literally 2 seconds to do a search. This was the first result So we're you not just wrong but also so lazy you couldn't spend 2 seconds to do a search?
Well, there's spam egg sausage and spam, that's not got much spam in it.