More than 100 attack attempts already exploit the Spectre and Meltdown vulnerabilities in Intel/AMD processors
The AV-Test laboratory published a very interesting chart yesterday, from which we learn that between 7 and 22 January its virus database received 119 samples of malicious software that take advantage of the vulnerabilities CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754, which we described in detail in this article. In the coming days and weeks the number of unique Trojans, downloaders and exploits may grow, with serious consequences for systems that store data. Should we be afraid?
Among the checksums of over one hundred malware samples, we found several on VirusTotal that tell us a little about how the pests use the Spectre and Meltdown vulnerabilities. For example, this .EXE file starts the first malicious code in the CMD console, which in turn uses the system API to call "IsProcessorFeaturePresent", clearly indicating that it is responsible for looking up information about the processor of the machine.
Update your software
Oracle, known for software as leaky as Adobe Flash Player, has already announced that it has started patching its products (among others the VirtualBox hypervisor) whose holes could be used to build an exploit and bypass security, and consequently to run malicious code.
In turn Veritas Technologies, a provider of data management and protection software for the cloud and storage optimisation to 86% of the Fortune 500, writes that its NetBackup Appliance solution will receive an update in March 2018 for Spectre (CVE-2017-5753, but not CVE-2017-5715) and Meltdown (CVE-2017-5754). Due to the lower risk that CVE-2017-5715 poses for reading data from kernel memory, an update for it will probably not appear. Veritas Technologies and its customers have no other option than to update their operating systems or wait for further developments, that is, not to update, because the latter is what Intel, and the creator of the Linux kernel himself, currently (do not) recommend.
Intel recommends that OEMs, cloud service providers, computer and software manufacturers, as well as end customers, refrain from deploying the current version of the patches, as they can cause more frequent reboots than usual and other unforeseen system behaviour.
Not to heat up the atmosphere, but ...
... AV-Test reports 119 samples (as of 22 January) of malicious software that can steal data stored in computer memory.
And since this is possible on Linux:
it is also possible on Windows. How? There are a few possibilities. The most likely ones are:
- The use of "bashware" malware, which Check Point wrote about. It concerns the WSL (Windows Subsystem for Linux) feature. Once the Linux shell is installed in Windows 10 (e.g. manually by the malware), an attacker can run scripts that normally work only on Linux inside Windows. The hybrid-system concept gives cyber criminals a new attack vector that will not necessarily be detected by anti-virus programs.
- Exploits are by themselves not easy to detect. If the attacker uses the system registry or the computer's memory to hide them, there is a chance to act before the security software takes active preventive measures. With the Meltdown and Spectre vulnerabilities, applications running with the privileges of a local user can read the entire contents of kernel memory, which was previously inaccessible to them. This hardware flaw in processors allows programs to steal data stored in the memory of other running processes. This can include passwords stored in a password manager or a browser, photos, e-mail messages, or mission-critical documents.
What to do, and how to determine whether your system is secure?
- To test whether a system is vulnerable, we can use a PowerShell script. Detailed instructions are in this article.
- For people used to graphical tools, we recommend the simple InSpectre applet.
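As an added example (not part of the original article or the script it links to), the following PowerShell wrapper around Microsoft's SpeculationControl module reports, per CVE, whether the Windows mitigation is present and enabled and whether it has been disabled by policy. It assumes the module has already been installed from the PowerShell Gallery; the function name Get-SpectreMeltdownStatus is our own.

```powershell
# Added example: summarise Spectre v2 / Meltdown mitigation state on a Windows host.
# Assumption: Microsoft's SpeculationControl module is installed, e.g.
#   Install-Module -Name SpeculationControl -Scope CurrentUser
Import-Module SpeculationControl

function Get-SpectreMeltdownStatus {
    # Get-SpeculationControlSettings prints its own report and returns an object
    # whose boolean properties we interpret below.
    $s = Get-SpeculationControlSettings

    # CVE-2017-5715 (Spectre variant 2, "BTI" = branch target injection):
    # mitigated only when the CPU microcode, the Windows support AND the
    # enable switch are all present. Microcode alone or the OS patch alone is not enough.
    $spectreV2 = $s.BTIHardwarePresent -and
                 $s.BTIWindowsSupportPresent -and
                 $s.BTIWindowsSupportEnabled

    # CVE-2017-5754 (Meltdown): kernel VA shadowing. Only required on affected CPUs;
    # on an unaffected CPU the absence of KVA shadow is not a finding.
    if ($s.KVAShadowRequired) {
        $meltdown = $s.KVAShadowWindowsSupportPresent -and $s.KVAShadowWindowsSupportEnabled
    } else {
        $meltdown = $true
    }

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        SpectreV2Mitigated  = [bool]$spectreV2
        MicrocodeLoaded     = [bool]$s.BTIHardwarePresent
        DisabledByPolicy    = [bool]$s.BTIDisabledBySystemPolicy
        MeltdownMitigated   = [bool]$meltdown
        KvaShadowRequired   = [bool]$s.KVAShadowRequired
        PcidOptimisation    = [bool]$s.KVAShadowPcidEnabled
    }
}

$status = Get-SpectreMeltdownStatus
$status | Format-List

# Explain the two most common "partially patched" states an administrator will see.
if (-not $status.SpectreV2Mitigated -and -not $status.MicrocodeLoaded) {
    Write-Warning "CVE-2017-5715: no microcode for branch target injection; the OS update alone does not protect this host."
}
if ($status.DisabledByPolicy) {
    Write-Warning "CVE-2017-5715: mitigation is present but switched off by system policy (registry override)."
}
```

Run it in an elevated PowerShell session; the object it returns can be collected from many hosts and filtered on SpectreV2Mitigated and MeltdownMitigated.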
We leave the decision about installing the patches to individual assessment. Just note that Intel has changed its mind and does not currently recommend installing the released update.
We use the Google Cloud Translation and Gengo APIs to translate articles, with the exception of our comparative tests.