Slashdot Mirror
Malware Exploiting Spectre, Meltdown CPU Flaws Emerges (securityweek.com)
wiredmikey quotes SecurityWeek: Researchers have discovered more than 130 malware samples designed to exploit the recently disclosed Spectre and Meltdown CPU vulnerabilities. While a majority of the samples appear to be in the testing phase, we could soon start seeing attacks... On Wednesday, antivirus testing firm AV-TEST told SecurityWeek that it has obtained 139 samples from various sources, including researchers, testers and antivirus companies... Fortinet, which also analyzed many of the samples, confirmed that a majority of them were based on available proof of concept code. Andreas Marx, CEO of AV-TEST, believes different groups are working on the PoC exploits to determine if they can be used for some purpose. "Most likely, malicious purposes at some point," he said.
If a researcher, tester, AV company sends some PoC code opening calc.exe, then this is not malware! To be malware, some code has to be actually malicious, doing evil things like encrypting harddisks for ransom, sending spam, mining coins, etc.. Simply trying out a bug in existing software to get a better understanding or to write AV detection routines is not malware!
Except maybe code from AV companies. That is probably always malware, no matter the intent or what it actually does
Did you really expect this massive, gaping security hole, that got a metric fuckton of media coverage, to go unexploited?
Spectre is harder to exploit you're correct. Meltdown however is way more dangerous and not hard at all to implement. Heres some PoC links for you to look through.
https://github.com/paboldin/me...
https://github.com/gkaindl/mel...
https://github.com/IAIK/meltdo...
https://github.com/RealJTG/Mel...
That was from a 5 second google search. I have only tested the top one myself but I know it works.
That was from a 5 second google search. I have only tested the top one myself but I know it works.
Thanks and sorry for having been so lazy myself. Anyway, I also looked at the first one and it seems to deliver (didn't run it, just read the docs and saw the video) pretty much the same than what I have seen in some other places: memory dumps (from in principle protected locations). This is kind of demonstrating what the bug is about, but not the real exploit I meant. What I meant with real exploit was an application which might actually be used to perform whatever potentially-dangerous action on my computer. Having access to protected memory isn't ideal, true; but how could all that be easily use to accomplish whatever goal? How could you convert those memory locations into ways to trick whatever software to behave against my intent? Having just a memory dump isn't too useful by itself.
Then, I took a look at the fourth one (with 482 stars!) which is a simple C file, with no instructions that, when executed, prints an a array of strings which might a song or something?! The readme says that it can read password from Chrome?! (by assuming that all the hidden fields are stored in the same way and in the same place in all the OSs, it might make sense but not in any other scenario. And why just Chrome?!). In any case, that code is just running the loop with the song, nothing else(!!).
Then, I looked at the second one which is also a C file but much more complex than the aforementioned sample. This time I cannot know immediately what it does, so I run it and it printed out something about it working and what seems memory locations. Again, no instructions no explanation and, at first sight, no idea how this is supposed to be reading passwords from anywhere. I think that I have now more doubts than before your post (thanks again, anyway)! If reading passwords from a browser is so easy why aren't they including a clear code/application with clear instructions? Or even worse: why all of them are saying that everything works fine, that it is very scary when their codes don't seem to be doing anything? Perhaps I am a bit tired now and am I missing something or what?
Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
Well now well see just how good my AV is..I didn't patch im on win 7 ultimate upgrade from Vista full. It would be a HUGE PITA to recover lol but i refuse to go win 10. im not paying for an OS that forces ads on me or controls what i choose to install on MY hardware..you get the point...
You should consider upgrading to Linux!
Get all passwords and documents you care about off the pc so there is nothing for spectre to read. The spectre attacks are not detectable so antivirus programs likely will not detect them. Running a secure Linux rather than Windows still might be the best hope, but not for attacks taking place through the browser. Perhaps have an "empty" machine with just a browser for internet connectivity and browsing/surfing.
Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
The first part of your comment I agree with, but Intel probably *can't* provide compatible fixed versions of their CPUs except by disabling speculative execution, which would slow things down considerably, so just about nobody would want them. (And they could probably do that with a downloadable microcode update.)
The unfortunate thing about this current set of news is that it's not just Meltdown that's being targeted, but also Spectre. If that can be successfully exploited, then it's a much more serious problem, as it affects nearly everything more powerful than a Raspberry Pi.
I think we've pushed this "anyone can grow up to be president" thing too far.
Except AMD is far less vulnerable than Intel.