Researchers Discover 119 Meltdown, Spectre Malware Variants in the Wild

Hundreds of malware samples that have taken advantage of the proof-of-concept (PoC) code for the infamous, widespread Meltdown and Spectre CPU flaws have been spotted in the wild.

Researchers at Fortinet have uncovered a total of 119 malware samples – between January 7 and 22 alone – associated with the Meltdown and Spectre flaws. Upon analyzing their samples, they quickly discovered that all of them were based on the previously released proof-of-concept.

“One of the key challenges with addressing the Meltdown and Spectre vulnerabilities – besides the fact that the affected chips are already embedded in millions of devices running in home or production environments – is that developing a patch that resolves their exposed side-channel issues is extremely complicated,” researchers wrote. 

For instance, Intel had to withdraw its most recent patch because of a side effect that sent some devices into a reboot loop after the patch was applied.

Further, Intel’s microcode updates have to be integrated and delivered by OEM hardware companies before they are released. There is a very real possibility of OEMs issuing patches to their latest hardware while forgetting older devices. There could soon be a reality wherein most laptops, PCs and mobile devices currently in use do not get patched with the microcode fixes.

Antivirus software could offer a partial solution against these malware strains. When antivirus companies learn of new malware in the wild, they can analyze it and issue a detection signature that identifies it. An antivirus update would then let vulnerable computers block the malware strain before it spreads and causes real damage. Still, thousands of early victims will be hit before antivirus companies pick up those strains and flag them to be blocked for other users.

A list of the Meltdown/Spectre malware signatures, as delivered by Fortinet, reads:

Riskware/POC_Spectre
W64/Spectre.B!exploit
Riskware/SpectrePOC
Riskware/MeltdownPOC
W32/Meltdown.7345!tr
W32/Meltdown.3C56!tr
W32/Spectre.2157!tr
W32/Spectre.4337!tr
W32/Spectre.3D5A!tr
W32/Spectre.82CE!tr
W32/MeltdownPOC