Malware Exploiting Spectre, Meltdown CPU Flaws Emerges

wiredmikey quotes SecurityWeek: Researchers have discovered more than 130 malware samples designed to exploit the recently disclosed Spectre and Meltdown CPU vulnerabilities. While a majority of the samples appear to be in the testing phase, we could soon start seeing attacks... On Wednesday, antivirus testing firm AV-TEST told SecurityWeek that it has obtained 139 samples from various sources, including researchers, testers and antivirus companies... Fortinet, which also analyzed many of the samples, confirmed that a majority of them were based on available proof of concept code. Andreas Marx, CEO of AV-TEST, believes different groups are working on the PoC exploits to determine if they can be used for some purpose. "Most likely, malicious purposes at some point," he said.

Well duh.

Did you really expect this massive, gaping security hole, that got a metric fuckton of media coverage, to go unexploited?

Re:Fearmongering bullshit article seeding FUD

[Baron_Yam]

>If a researcher, tester, AV company sends some PoC code opening calc.exe, then this is not malware!

If a researcher, tester, AV company sends some PoC code opening calc.exe, then you can reasonably assume that malicious code based on the same exploit already exists and is probably further along.

Re: Fearmongering bullshit article seeding FUD

The time from proof of concept to full blown malicious code in the wild is measured in days. I'm happy for you that you have such a comforting false sense of security, but others of us know better.