Security experts are observing a rising number of malware samples that experiment with the Spectre and Meltdown vulnerabilities.
According to researchers from Fortinet, AV-TEST, and Minerva, a number of crooks are testing the publicly available proof-of-concept (PoC) code for the Spectre (CVE-2017-5715, CVE-2017-5753) and Meltdown (CVE-2017-5754) vulnerabilities.
AV-TEST experts have identified 119 malware samples that are linked to the above-mentioned chip vulnerabilities.
Malware samples discovered after the release of PoC code
The first samples began appearing on VirusTotal immediately after the researchers who discovered the Meltdown and Spectre vulnerabilities released their PoC code. According to the Fortinet report, the majority of these samples contain the PoC code.
It is possible that some IT experts are investigating and experimenting with the PoC code, but security researchers are confident that a number of samples were created by cyber criminals looking for ways to use the PoC code with malicious intent.
The speed at which brand-new samples emerge and get detected on VirusTotal indicates that more and more effort is being put into testing the PoC code on a daily basis.
Additionally, not all malware variants end up on VirusTotal. Professional malware writers may decide to avoid malware repositories in order to keep antivirus firms blind to what kind of malware is being created.
Web Misuse Confirmed
Spectre and Meltdown are very serious flaws that, once misused, may give attackers a way to access a great deal of data from kernel memory as well as from other applications.
The Mozilla team has recently confirmed our worst fears: Spectre can be exploited remotely by including malicious code in ordinary JavaScript files delivered via web pages.
The most probable scenario is that these flaws are first exploited by state actors, then make their way into exploit kits, and later into spam campaigns.