Meltdown And Spectre Proof Of Concept Malware Code Hits The Internet

It's been roughly a month since the first reports concerning Spectre and Meltdown began appearing on the web. Since that time, hardware and software companies have been working together to release BIOS/microcode updates, software patches, and operating system kernel updates to protect customers. Even though the industry has been pushing out fixes at a rapid rate, malicious actors looking to take advantage of the exploits have also been working overtime.

AV-TEST, an independent organization that specializes in software that detects malware, has found 139 specific instances of malware designed to exploit the Meltdown and Spectre chip vulnerabilities. AV-TEST goes on to indicate that 1) the sample binaries have been compiled for Windows, Linux and macOS, and 2) the number of sightings has risen dramatically over the past month.

In case you need a refresher, the three exploits that are being probed at the moment are:

In addition, FortiGuard Labs says that it has "analyzed all of the publicly available samples, representing about 83 percent of all the samples that have been collected, and determined that they were all based on proof of concept code. The other 17 percent may have not been shared publicly because they were either under NDA or were unavailable for reasons unknown to us."

FortiGuard goes on to warn that there are "key challenges" to addressing Spectre and Meltdown exploits because "affected chips are already embedded in millions of devices running in home or production environments" and that "developing a patch that resolves their exposed side-channel issues is extremely complicated."

As we've seen from the problems with bricked AMD systems and Intel systems that have been stricken with unexpected reboots, that last statement is most definitely accurate. For now, all PC users are urged to remain up to date with OS updates, virus/malware definitions and BIOS updates. Following these practices is your best defense against what appears to be a brewing Meltdown-Spectre malware showdown.

Brandon Hill

Brandon received his first PC, an IBM Aptiva 310, in 1994 and hasn’t looked back since. He cut his teeth on computer building/repair working at a mom and pop computer shop as a plucky teen in the mid 90s and went on to join AnandTech as the Senior News Editor in 1999. Brandon would later help to form DailyTech where he served as Editor-in-Chief from 2008 until 2014. Brandon is a tech geek at heart, and family members always know where to turn when they need free tech support. When he isn’t writing about the tech hardware or studying up on the latest in mobile gadgets, you’ll find him browsing forums that cater to his long-running passion: automobiles.

Opinions and content posted by HotHardware contributors are their own.