Meltdown And Spectre Proof Of Concept Malware Code Hits The Internet
AV-TEST, an independent organization that specializes in software that detects malware, has found 139 specific instances of malware designed to exploit the Meltdown and Spectre chip vulnerabilities. AV-TEST goes on to indicate that 1) the sample binaries have been compiled for Windows, Linux and macOS, and 2) the number of sightings has risen dramatically over the past month.
[UPDATE: 2018-02-01] #Spectre & #Meltdown: So far, the AV-TEST Institute discovered 139 samples which appear to be related to recently reported CPU vulnerabilities. #CVE-2017-5715 #CVE-2017-5753 #CVE-2017-5754 — AV-TEST GmbH (@avtestorg) February 1, 2018
SHA256 Hashes: https://t.co/7tKScinC8Z
In case you need a refresher, the three vulnerabilities that are being probed at the moment are:
- Variant 1 (Spectre): CVE-2017-5753 (Bounds Check Bypass)
- Variant 2 (Spectre): CVE-2017-5715 (Branch Target Injection)
- Variant 3 (Meltdown): CVE-2017-5754 (Rogue Data Cache Load)
In addition, FortiGuard Labs says that it has "analyzed all of the publicly available samples, representing about 83 percent of all the samples that have been collected, and determined that they were all based on proof of concept code. The other 17 percent may have not been shared publicly because they were either under NDA or were unavailable for reasons unknown to us."
FortiGuard goes on to warn that there are "key challenges" to addressing Spectre and Meltdown exploits because "affected chips are already embedded in millions of devices running in home or production environments" and that "developing a patch that resolves their exposed side-channel issues is extremely complicated."
As we've seen from the problems with bricked AMD systems and Intel systems stricken with unexpected reboots, that last statement is most definitely accurate. For now, all PC users are urged to stay up to date with OS updates, virus/malware definitions and BIOS updates. Following these practices is your best defense against what appears to be a brewing Meltdown-Spectre malware showdown.