We Will See Virus Authors Employing the Spectre and Meltdown Cpu Flaws

 

Security experts are observing a rising level of malware strains, which are trying out the Spectre and Meltdown vulnerabilities.

As reported by the researchers from Fortinet, AV-TEST, and Minerva, a number of crooks test the publicly available proof-of-concept (PoC) computer code for the Spectre (CVE-2017-5715, CVE-2017-5753) and Meltdown (CVE-2017-5754) vulnerabilities.

AV-TEST experts have identified 119 virus samples, which are linked to the above-mentioned chip vulnerabilities.

Virus samples discovered after the unleash of PoC code

First virus strains set off to getting identified on VirusTotal immediately after the researchers who discovered the Meltdown and Spectre vulnerabilities released their PoC code. Based on Fortinet report, the majority of these malware types contain the PoC code.

It is possible some IT experts investigate and play with the PoC code, but security researchers are confident a number of samples were created by cyber criminals trying to find ways to use the PoC code with malicious intentions.

The speed at which brand new strains emerge and get detected by VirusTotal, indicates more and more efforts are being placed into testing the POC code on daily basis.

Additionally, not all virus variants end up on VirusTotal. Professional virus writers may decide to avoid malware repositories in order to make antivirus firms stay blind to what kind of malware is being created.

Web Misuse Confirmed

Spectre and Meltdown are very serious flaws that once misused may provide hackers with the way to access a great deal of data from the kernel memory as well as from other applications.

Mozilla team has recently confirmed our most awful fears. Spectre can be remotely used by including malware code into ordinary\routine JavaScript files transferred via web-pages.

The most probable scenario that we are going to see is that these flaws get exploited by state actors and after that enter the exploit kits space and later the spam campaigns.

Views: 61

Comments are closed for this blog post

Our Sponsors

Would you like to reach over 70,000 + Risk Professionals? 

REQUEST OUR MEDIA KIT

 

Advance Your Career - Take the Global Risk Academy Courses Below

Business Exchange

If your organization delivers products and services that bring value to our members, you are welcome to join our partnership program.

Companies are welcome to setup a business profile page in our Multimedia Business Directory. You will get full control of the page and can include cutting edge possibilities – videos, adverts, presentations, white papers, job offers, Press Releases, product information, company blog, news feeds and more.

CLICK HERE TO APPLY

Our Knowledge Partners

Request our MEDIA KIT

Our Twitter feed

© 2018   Created by Boris Agranovich.   Powered by

Badges  |  Report an Issue  |  Terms of Service