Hundreds Of Meltdown, Spectre Malware Samples Found In The Wild

Security company Fortinet said that Meltdown and Spectre malware has already been seen in the wild, at a time when chip makers and OS vendors are still struggling to release patches to all of their users.

  1. Thanks for the heads up, and this clearly shows I was right about the fact that the people who exposed these problems should have just kept their mouths shut to the public and let the companies involved handle the problem and get the fixes out without alerting the goon squad of lowlifes who like to prey on people for the glory of it all, to gain higher ranks in the goon squad community.
  2. This is starting to look bad... it did not take a long time to make programs that utilise these problems.
  3. techy1966 said:
    Thanks for the heads up, and this clearly shows I was right about the fact that the people who exposed these problems should have just kept their mouths shut to the public and let the companies involved handle the problem and get the fixes out without alerting the goon squad of lowlifes who like to prey on people for the glory of it all, to gain higher ranks in the goon squad community.

    You're right in that only Microsoft, AMD, Intel, and ARM vendors really needed to know for the time being. However, without public pressure, these companies would implement these fixes slowly, instead of rushing them into their next designs like they're doing now.
  4. I'm more frustrated that Intel's 5 years of fixes are being cut down to 2 years or less for many customers. Motherboard, system, and firmware vendors are not coping with this scale of a problem. X79 computers with Ivy Bridge-E should be supported by patches given the 5-year time frame, but good luck getting OEMs to pass along those patches. Same goes for X99 and Haswell-E. "Supported" but not really. Frustrating.
  5. They absolutely should have announced these exploits to the public to put pressure on companies to patch them. However, what they should not have released to the public was the PoC code. That was flat out idiotic. There is zero reason that code needed to be released to demonstrate the threat wasn't just theoretical. If companies don't come clean to the public and work to patch the flaw as quickly as possible after you announce the flaws, then you threaten to release the code. If still nothing happens, then you release the code.
  6. Intel better get moving. No BIOS update yet for my Intel motherboard or HP laptop. This is really getting worrisome.
  7. kinggremlin said:
    They absolutely should have announced these exploits to the public to put pressure on companies to patch them. However, what they should not have released to the public was the PoC code. That was flat out idiotic. There is zero reason that code needed to be released to demonstrate the threat wasn't just theoretical. If companies don't come clean to the public and work to patch the flaw as quickly as possible after you announce the flaws, then you threaten to release the code. If still nothing happens, then you release the code.

    Agreed. This would give them ample time to actually make a proper "fix" vs. "SHIT SHIT WE GOT TO FIX THIS NOW!" And look what happens? Bugs, bugs and more bugs.
  8. I mean, if the only people who could fix these issues were the vendors and manufacturers, I would agree with not releasing it to the public. But some of the greatest work done is crowd sourced, and I am sure for every hundred people trying to exploit this, there has to be at least one person out there writing code to prevent Spectre and Meltdown. Maybe someone from the consumer community can help?
  9. kinggremlin said:
    They absolutely should have announced these exploits to the public to put pressure on companies to patch them.

    While this may work for software bugs where companies can fix the bugs but choose not to, the same cannot be said about HARDWARE bugs and side-channel attacks where a field fix is likely to be impossible or incomplete regardless of how much pressure you put on the manufacturer.

    To make that worse, the definitive fix in the form of new hardware designed to address those attacks is at least a year away from the date when CPU manufacturers get notified, simply due to the 6+ months from engineering changes through regression testing to tape-out, and 4-6 months from tape-out to production when all goes well. From there, it may be 5+ years before most people and companies are done upgrading their systems to more secure CPUs.

    There is no quick fix for hardware-related exploits. Even in a best-case scenario, you're looking at hundreds of millions of potentially vulnerable devices remaining online for the next several years.

    However, keep in mind that exploiting Meltdown and Spectre requires local code execution, which means that your system has already been compromised some other way before any of those exploits can actually be used on your system, unlike software bugs, which often enable remote code execution and unintended execution of a malicious payload.
  10. techy1966 said:
    Thanks for the heads up, and this clearly shows I was right about the fact that the people who exposed these problems should have just kept their mouths shut to the public and let the companies involved handle the problem and get the fixes out without alerting the goon squad of lowlifes who like to prey on people for the glory of it all, to gain higher ranks in the goon squad community.

    You do realize that Intel told their Chinese partners long ago about the vulnerability, before they even told the US government. So it is safe to assume that the Chinese government has been trying to exploit this for at least 6 months. The reason no viruses were found could simply be because the vulnerabilities have been used until now only in targeted attacks against individuals and/or because the anti-virus companies have not been aware of these attacks.
  11. "should have just kept their mouths shut to the public and let the companies involved just handle the problem and get the fixes out without alerting the goon squad" (anonymous... not sure how you quote properly lol)

    "It was made public in conjunction with another vulnerability, Meltdown, on January 3, 2018, after the affected hardware vendors had already been made aware of the issue on June 1, 2017" - Spectre Wikipedia article

    Apparently they were notified 6 months prior to public release. Not sure if OS vendors were notified at the same time? From what Linus Torvalds was saying, Intel's attempt at patching the hardware is all a load of crap, just a flag that can be disabled in software... From what I can tell, there's nothing that can "fix" the hardware on existing chips... i.e. there's no programmable ROM to fix it (could be wrong, haven't really researched that much...)
  12. "We may eventually see OS vendors develop some fixes, such as Google’s Retpoline, that fix the flaws at the OS-level."

    Retpoline isn't an "OS-level fix" by itself, really. It requires you to recompile each piece of software. Even if the fix is as good as they claim, it isn't always ideal when you start looking at custom software companies often rely on. It also may tack on to the performance impact for some types of enterprise workloads. So failing a recompile with Retpoline, your best hope is a combination of OS PLUS hardware and/or microcode mitigations, both of which Intel is seriously struggling with.
  13. kinggremlin said:
    They absolutely should have announced these exploits to the public to put pressure on companies to patch them. However, what they should not have released to the public was the PoC code. That was flat out idiotic. There is zero reason that code needed to be released to demonstrate the threat wasn't just theoretical. If companies don't come clean to the public and work to patch the flaw as quickly as possible after you announce the flaws, then you threaten to release the code. If still nothing happens, then you release the code.

    I support the idea that the release of the code shouldn't coincide with the public announcement. I would favor a further delay, between the two. However, I think they might need to follow a fixed policy, in order for their actions to be legally defensible. Otherwise, they could be vulnerable to coercion by vendors, or perhaps even litigation.

    Also, the purpose of the PoC code isn't only to prove their claims - it's also needed by customers (think big OEMs or data center customers) to verify that the manufacturers really did fix the problem. Even PC utility makers, like SiSoft or anti-virus vendors could include the code to check if your system is still vulnerable.
  14. alextheblue said:
    "We may eventually see OS vendors develop some fixes, such as Google’s Retpoline, that fix the flaws at the OS-level."

    Retpoline isn't an "OS-level fix" by itself, really. It requires you to recompile each piece of software. Even if the fix is as good as they claim, it isn't always ideal when you start looking at custom software companies often rely on. It also may tack on to the performance impact for some types of enterprise workloads. So failing a recompile with Retpoline, your best hope is a combination of OS PLUS hardware and/or microcode mitigations, both of which Intel is seriously struggling with.

    I think it's only needed in the kernel and potentially a few other bits of privileged code (e.g. VM hypervisors).

    If all userspace code needed to be recompiled with it... then yeah, just forget about that.
  15. The one crucial piece of information missing from this report is the exploit deployment method. Is it hacked or untrusted web sites? Inserted into applications?

    The actual exploit, to be effective, requires that a) there is secret data in memory at the time the malicious code runs, b) all outbound traffic from the computer is allowed, and c) the system or service secured by that data can be accessed by the hacker.
  16. I have a pretty good basic understanding of the PC but frankly I don't really understand exactly how serious this issue is now or will be given more patches (or better malicious hacks) across recent and past systems.
  17. If no one has committed suicide yet over this then its not as serious as this is blown up to be.
  18. Bug bounties often require you to notify them and give them 6 months to a year before you release info about the issue. It is enough time to get a patch out before the crunch happens when it is released.

    They absolutely have to be released; otherwise they tend to never patch them... I have seen issues that exist for years... The Samba share issue used for WannaCry was what... 6 years old and never patched...
  19. People aren't using common sense when it comes to divulging information..no matter what realm we're talking about. People love to be the first one out of the chute to point fingers or expose things that really don't need to be made public.
    My biggest question is, does it create new issues like the previous one? What are the ramifications if any to or with the patch and that sort of thing.
  20. Getting worse for Intel. They usually work at the software level; it's harder for hardware. Better switch to AMD. Intel security is outdated.
  21. Getting worse for Intel. It's sad many customers are still buying the vulnerable CPUs. Intel security isn't new; it was created a decade ago, no wonder it is easy to hack. Better switch to AMD than be sorry.
  22. Fixed Windows PCs since 95, now that I'm partially retired I switched to Mint XFCE as a 6 month experiment on my daily desktop. It's been a year and a half. I hate Microsoft and Intel is about as bad. Linux has completely patched Spectre and Meltdown. Yes a slight hit in speed. All Intel's fault. They knew of this potential 10 years ago. The way Linux patched the problem is brilliant and was done without regard to the date of your purchase like money hungry MS and company.
  23. jordoncomp said:
    The way Linux patched the problem is brilliant and was done without regard to the date of your purchase like money hungry MS and company.

    The microcode-level patches are still supplied by Intel & AMD.
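    The sysfs check below is an added example, not code from the thread or from any vendor. It relates to the two points raised above: that PoC code (or a simpler status check) lets customers verify for themselves whether a system is still vulnerable, and that on Linux the kernel reports its own verdict, including whether a microcode update is still missing for Spectre v2. On a real Linux host running kernel 4.15 or later the directory is /sys/devices/system/cpu/vulnerabilities; the directory is taken as an argument so the same function can also run against a constructed snapshot, which is what the second function builds (its contents are made up here, modelled on the wording those files use: "Not affected", "Mitigation: ...", "Vulnerable...").

```shell
#!/bin/sh
# Added example (not from the thread): report the kernel's own verdict on
# Meltdown and the two Spectre variants from sysfs.
# Real location on Linux 4.15+: /sys/devices/system/cpu/vulnerabilities
# The directory is passed in so the function can be run on a constructed copy.

# Prints one line per flaw: "<name>: VULNERABLE|MITIGATED|NOT_AFFECTED|UNKNOWN (<raw text>)".
# Returns 1 if any flaw is still vulnerable or cannot be determined, 0 if all are handled.
report_cpu_vulns() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    bad=0
    for f in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$f" ]; then
            raw=$(cat "$dir/$f")
        else
            raw=""
        fi
        case "$raw" in
            "Not affected")  status=NOT_AFFECTED ;;
            Mitigation:*)    status=MITIGATED ;;
            Vulnerable*)     status=VULNERABLE; bad=1 ;;
            # No sysfs entry (kernel predates the interface) or unknown text:
            # we cannot claim the flaw is fixed, so treat it as a failure.
            *)               status=UNKNOWN; bad=1 ;;
        esac
        printf '%s: %s (%s)\n' "$f" "$status" "${raw:-no sysfs entry}"
    done
    return "$bad"
}

# Constructed snapshot (hypothetical data, not captured from a real host) of a
# partly-patched machine: the kernel has page-table isolation for Meltdown and
# pointer masking for Spectre v1, but its Spectre v2 line still begins with
# "Vulnerable", the form the kernel uses when its mitigation is incomplete
# (for example when the CPU microcode has not been updated).
make_sample_sysfs() {
    d=$(mktemp -d)
    printf 'Mitigation: PTI\n' > "$d/meltdown"
    printf 'Mitigation: __user pointer sanitization\n' > "$d/spectre_v1"
    printf 'Vulnerable: Minimal generic ASM retpoline\n' > "$d/spectre_v2"
    echo "$d"
}

# Usage on a live system: report_cpu_vulns            (reads the real sysfs path)
# Usage on the sample:    report_cpu_vulns "$(make_sample_sysfs)"
```

    A non-zero exit status is deliberately returned both for "Vulnerable" and for a missing entry: an old kernel that does not expose the files at all has not been patched either, and a fleet check should not report it as clean just because there was nothing to read.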
  24. NONE of these are actually exploits. None can retrieve data. Still nothing to worry about. Not one exploit that has actually worked. So this is still a non issue.
  25. John_507 said:
    NONE of these are actually exploits. None can retrieve data. Still nothing to worry about. Not one exploit that has actually worked. So this is still a non issue.

    You're basing this on what, exactly?

    The exploits can retrieve data - that's the problem. What they can't do is modify it, but there is a lot of harm that can be done (e.g. stealing encryption keys) that doesn't involve modifying data.