{"id":4880,"date":"2018-02-04T01:29:00","date_gmt":"2018-02-04T00:29:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=4880"},"modified":"2024-10-05T19:01:28","modified_gmt":"2024-10-05T17:01:28","slug":"malware-using-meltdown-and-spectre-attacks-under-develoment-windows-defender-quarantines-poc-tools","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2018\/02\/04\/malware-using-meltdown-and-spectre-attacks-under-develoment-windows-defender-quarantines-poc-tools\/","title":{"rendered":"Malware using Meltdown and Spectre attacks under development &ndash; Windows Defender quarantines PoC tools"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" src=\"http:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" height=\"47\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2018\/02\/04\/bald-angriffe-ber-meltdown-und-spectre-zu-erwarten\/\" target=\"_blank\" rel=\"noopener\">German<\/a>] Currently there are growing indications that we could see side-channel attacks on computer systems exploiting the Meltdown and Spectre vulnerabilities in the near future.<\/p>\n<p><!--more--><\/p>\n<h2>More and more samples in circulation<\/h2>\n<p>Security researchers are seeing more and more suspicious file samples that experiment with the Meltdown and Spectre vulnerabilities. 
Experts from AV-TEST, Fortinet and Minerva Labs have found that several parties are experimenting with the publicly available proof-of-concept (PoC) code for Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5715, CVE-2017-5753).<\/p>\n<p><img decoding=\"async\" title=\"Increase in Spectre\/Meltdown samples\" src=\"https:\/\/i.imgur.com\/lci0q4O.jpg\" alt=\"Increase in Spectre\/Meltdown samples\" \/><br \/>\n(Increase in Spectre\/Meltdown samples, source: AV-TEST)<\/p>\n<p>Researchers at AV-TEST have found <a href=\"https:\/\/plus.google.com\/photos\/photo\/100383867141221115206\/6517535568830348546\" target=\"_blank\" rel=\"noopener\">139 suspicious file samples<\/a> associated with the CPU vulnerabilities mentioned above. Fortinet reports the same growth in <a href=\"https:\/\/web.archive.org\/web\/20180201003450\/https:\/\/blog.fortinet.com\/2018\/01\/30\/the-exponential-growth-of-detected-malware-targeted-at-meltdown-and-spectre\" target=\"_blank\" rel=\"noopener\">this article on its blog<\/a>. The danger that a working attack will soon appear in the wild is growing. Details can be found at <a href=\"https:\/\/web.archive.org\/web\/20211230092703\/https:\/\/www.bleepingcomputer.com\/news\/security\/we-may-soon-see-malware-leveraging-the-meltdown-and-spectre-vulnerabilities\/\" target=\"_blank\" rel=\"noopener\">Bleeping Computer<\/a>.<\/p>\n<h2>Antivirus vendors have started to add patterns<\/h2>\n<p>The <a href=\"https:\/\/web.archive.org\/web\/20211230092703\/https:\/\/www.bleepingcomputer.com\/news\/security\/we-may-soon-see-malware-leveraging-the-meltdown-and-spectre-vulnerabilities\/\" target=\"_blank\" rel=\"noopener\">Bleeping Computer<\/a> article points out that not all of these samples have been uploaded to VirusTotal, and that many of them come from security researchers rather than attackers. Antivirus vendors nevertheless seem to have begun adding known code patterns from the PoC code to their signature files. 
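As an added example (not code from this post, from Microsoft or from any antivirus vendor), the Python below models the pattern-based detection the post goes on to describe: a scanner that looks for the two literal strings from the published Spectre PoC, 'Squeamish Ossifrage' and 'malicious_x = %p', in a few constructed byte samples. The signature labels, the sample file names and their contents are this example's own assumptions; only the two strings are taken from the post.

```python
'''Toy string-signature scanner.

Added example for this post; it is not code from the post's author, from
Microsoft or from any antivirus vendor. It models the kind of static
signature the post describes: an engine flagging PoC builds that contain
literal strings from the published Spectre PoC. The two strings are the ones
named in the post; the byte samples below are constructed stand-ins for
files and are not real binaries.
'''
from typing import Dict, List

# Literal strings the post names as triggering Windows Defender.
# The labels on the left are this example's own, not vendor detection names.
SPECTRE_POC_STRINGS: Dict[str, bytes] = {
    'spectre_poc_magic_words': b'Squeamish Ossifrage',
    'spectre_poc_format_string': b'malicious_x = %p',
}


def scan_bytes(blob, signatures=SPECTRE_POC_STRINGS):
    '''Return the labels of every signature whose exact bytes occur in blob.'''
    return [label for label, needle in signatures.items() if needle in blob]


def scan_samples(samples):
    '''Scan a mapping of file name to content; return name to matched labels.'''
    return {name: scan_bytes(data) for name, data in samples.items()}


def verdict(matches):
    '''Mirror the coarse decision a signature engine makes: any hit means quarantine.'''
    return 'quarantine' if matches else 'clean'


def pe_like(payload):
    '''Constructed stand-in for an executable: an MZ prefix, padding, then payload.'''
    return b'MZ' + bytes(62) + payload


# Constructed samples (not real files): a build that still carries the PoC's
# literal strings, the same build after a one-character edit of each string,
# and an unrelated program.
SAMPLES = {
    'spectre_poc.exe': pe_like(
        b'The Magic Words are Squeamish Ossifrage.' + bytes(1)
        + b'malicious_x = %p' + bytes(1)),
    'spectre_poc_edited.exe': pe_like(
        b'The Magic Words are Sqeamish Ossifrage.' + bytes(1)
        + b'bad_index = %p' + bytes(1)),
    'unrelated.exe': pe_like(b'Hello from an unrelated program.' + bytes(1)),
}


def report(samples=SAMPLES):
    '''Scan every sample and return name to (verdict, matched labels).'''
    return {name: (verdict(hits), hits) for name, hits in scan_samples(samples).items()}


if __name__ == '__main__':
    for name, (result, hits) in report().items():
        print(f'{name}: {result} {hits}')
```

Running it quarantines the unmodified build on both strings, while the build whose strings were altered by one character, and the unrelated program, pass as clean. That is the limit of the signatures the post describes: they catch the published PoC and tooling built from it, not a Spectre attack whose author has renamed a variable or changed the secret text, so a clean verdict from such a pattern says nothing about whether a binary actually performs speculative-execution side-channel reads.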
Windows Defender quarantines tools that contain strings such as \"Squeamish Ossifrage\" or \"malicious_x = %p\", both of which appear in the published Spectre PoC code. The German site heise.de reported this in the article <a href=\"https:\/\/www.heise.de\/security\/meldung\/Microsoft-stuft-das-PoC-Programm-zu-Spectre-als-boesartig-ein-3959995.html\" target=\"_blank\" rel=\"noopener\">Microsoft stuft das PoC-Programm zu Spectre als b\u00f6sartig ein<\/a> (Microsoft classifies the Spectre PoC program as malicious) [<a href=\"https:\/\/translate.google.com\/translate?sl=de&amp;tl=en&amp;js=y&amp;prev=_t&amp;hl=de&amp;ie=UTF-8&amp;u=https%3A%2F%2Fwww.heise.de%2Fsecurity%2Fmeldung%2FMicrosoft-stuft-das-PoC-Programm-zu-Spectre-als-boesartig-ein-3959995.html&amp;edit-text=\" target=\"_blank\" rel=\"noopener\">Google Translate version<\/a>].<\/p>\n<p><strong>Similar articles<br \/>\n<\/strong><a href=\"https:\/\/web.archive.org\/web\/20230329202253\/https:\/\/borncity.com\/win\/2018\/01\/03\/design-flaw-in-intel-cpus-set-operating-systems-at-risk\/\">Design flaw in Intel CPUs set operating systems at risk<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2018\/01\/12\/meltdown-and-spectre-what-windows-users-need-to-know\/\">Meltdown and Spectre: What Windows users need to know<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2018\/01\/11\/how-to-mitigate-spectre-in-google-chrome\/\">How to mitigate Spectre in Google Chrome<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2018\/01\/10\/tool-tip-ashampo-spectre-meltdown-cpu-checker\/\">Tool tip: Ashampoo Spectre Meltdown CPU-Checker<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2018\/01\/11\/test-is-my-browser-vulnerable-for-spectre-attacks\/\">Test: Is my browser vulnerable to Spectre attacks?<\/a><br \/>\n<a href=\"https:\/\/web.archive.org\/web\/20210422224433\/https:\/\/borncity.com\/win\/2018\/01\/17\/inspectre-test-your-machine-against-meltdown-spectre-flaw\/\">InSpectre: Test your machine against Meltdown\/Spectre flaw<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German] Currently, there are growing 
indications that we could experience side channel attacks on computer systems using Meltdown and Spectre vulnerabilities in the near future.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[69],"class_list":["post-4880","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/4880","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=4880"}],"version-history":[{"count":1,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/4880\/revisions"}],"predecessor-version":[{"id":35715,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/4880\/revisions\/35715"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=4880"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=4880"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=4880"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}