Content, Breach, Malware

Meltdown, Spectre Malware Alive in the Wild, Fortinet Confirms

As you doubtless recall, in early January AMD, ARM and Intel confirmed that two newly unearthed vulnerabilities known as Meltdown and Spectre can exploit processors developed by the chip makers since 1995. At risk on millions of PCs, servers and mobile devices are personal passwords, photos, emails, instant messages and sensitive documents. No one seemed to know for sure if either flaw had been abused in the wild. Now we do.

In a two-week period ending January 22 the research team at AV-Test discovered 119 new malware samples associated with Meltdown and Spectre. Security provider Fortinet analyzed the samples and found that of the nearly 100 publicly available incidents, all were based on the previously released proof-of-concept code. In other words, the flaw has been substantiated.

Meltdown, Spectre Vulnerability Challenges Continue

This is bad news considering how much at issue is patching nearly every PC worldwide. Some of the fixes themselves have produced serious side-effects, recently prompting Intel to pull its Spectre variant 2 patch over multiple reboot problems. Moreover, who knows if PC OEMs will trudge back more than 20 years to issue patches for older devices.

(Side note: Malware exploits can be long lived: In Fortinet’s Threat Report for Q2 2017, 90 percent of organizations recorded exploits for vulnerabilities that were three or more years old. Even 10+ years after a flaw’s release, 60 percent of firms still see related attacks, the company said.)

“One of the key challenges with addressing the Meltdown and Spectre vulnerabilities – besides the fact that the affected chips are already embedded in millions of devices running in home or production environments – is that developing a patch that resolves their exposed side-channel issues is extremely complicated,” Fortinet’s researchers said in a blog post.

Meltdown, Spectre Malware So Far

Here’s Fortinet’s list of antivirus signatures to address all Meltdown and Spectre samples discovered so far:

  • Riskware/POC_Spectre
  • W64/Spectre.B!exploit
  • Riskware/SpectrePOC
  • Riskware/MeltdownPOC
  • W32/Meltdown.7345!tr
  • W32/Meltdown.3C56!tr
  • W32/Spectre.2157!tr
  • W32/Spectre.4337!tr
  • W32/Spectre.3D5A!tr
  • W32/Spectre.82CE!tr
  • W32/MeltdownPOC

Anti-virus software may be useful to a certain degree in detecting malware that uses the attacks by comparing binaries after they become known.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.