Malware using Meltdown and Spectre attacks under develoment – Windows Defender quarantines PoC tools

[German]Currently, there are growing indications that we could experience side channel attacks on computer systems using Meltdown and Spectre vulnerabilities in the near future.


More and more samples in circulation

Security researchers are seeing more and more suspicious file examples experimenting with the vulnerabilities of Meltdown and Spectre. Experts from AV-TEST, Fortinet and Minerva Labs have found that several people are experimenting with publicly available proof-of-concept (PoC) code for the vulnerabilities of Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5715, CVE-2017-5753).

Zunahme der Spectre/Meltdown-Samples
(Increase in spectre/meltdown samples, source:: AV-TEST)

Researchers at AV-TEST have discovered 139 suspicious file samples associated with the above mentioned CPU vulnerabilities. You can find this article in Fortinet's blog. The danger that a functioning attack will soon take place is growing. Details can be found at Bleeping Computer.

Antivirus vendors started to add patterns

The Bleeping Computer article indicates, that not all malware samples has been uploaded to Virustotal. And many samples are related to security researchers. But Antivirus vendors seems to have begun, to add know code patters to their signature files. Windows Defender quarantines tools, that are using strings like "Squeamish Ossifrage" or "malicious_x = %p". German site reported that within the article Microsoft stuft das PoC-Programm zu Spectre als bösartig ein [Google Translate version].

Similar articles
Design flaw in Intel CPUs set operating systems at risk
Meltdown and Spectre: What Windows users need to know
How to mitigate Spectre in Google Chrome
Tool tip: Ashampo Spectre Meltdown CPU-Checker
Test: Is my browser vulnerable for Spectre attacks?
InSpectre: Test your machine against Meltdown/Spectre flaw


Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *