Expect the Spectre....and Meltdown Soon

FrgMstr

Just Plain Mean
Staff member
Joined
May 18, 1997
Messages
49,897
Bleeping Computer is reporting that we may very soon see malware very soon that leverages both the Spectre and Meltdown vulnerabilities soon. We all know this is coming, but just when has been the real question. As Intel is scrambling to get fixes out that do not cause more problems than they fix, we can be thankful that no actual real instances of Spectre or Meltdown have actually been found in the wild as of writing this. It has been confirmed by Mozilla that Spectre is deliverable through a simple JavaScript on a web page, so you might be a little extra careful when clicking. Thanks Joe!


According to experts at AV-TEST, Fortinet, and Minerva Labs, several individuals are experimenting with publicly released proof-of-concept (PoC) code for the Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5715, CVE-2017-5753) vulnerabilities.

Researchers from AV-TEST have detected 119 malware samples that are related to the aforementioned CPU vulnerabilities.
 

heatlesssun

Extremely [H]
Joined
Nov 5, 2005
Messages
44,154
Releasing exploit data before there is a real fix.. way to go.
The nature of this problem is so pervasive that getting fixes out across the board and doing adequate testing without the details of these issues being known simply isn't possible.
 

Schtask

Limp Gawd
Joined
Nov 29, 2011
Messages
436
Releasing exploit data before there is a real fix.. way to go.
Say what? The core principles and proof of concept code within the exploits themselves was released in a white paper as Spectre / Meltdown was announced. TBH I expected that we would see these in the wild already. Guess threat actors decided there are better ways to get this data (there are).
 

Kongar

Gawd
Joined
Oct 25, 2004
Messages
730
So this flu season sux - been out of the loop for a week. Where do we stand today with this nonsense? Last week it was "sorry Ivy Bridge users - no updates for you" Is that still the case, and if so, are we really facing a future where any misclick on a webpage could compromise the security of our PCs? It's just mind boggling to think about.
 

Krenum

[H]F Junkie
Joined
Apr 29, 2005
Messages
15,898
Is this Spectre / Meltdown fiasco known to kill SSD Drives? One of my 240gb drives just died :(
 

Mega6

2[H]4U
Joined
Aug 13, 2017
Messages
2,735
The nature of this problem is so pervasive that getting fixes out across the board and doing adequate testing without the details of these issues being known simply isn't possible.
Say what? The core principles and proof of concept code within the exploits themselves was released in a white paper as Spectre / Meltdown was announced. TBH I expected that we would see these in the wild already. Guess threat actors decided there are better ways to get this data (there are).
And the release of this high Exploit did not draw the attention of hackers and accelerate hack development targeting this specific vulnerability?
 

Dead Parrot

2[H]4U
Joined
Mar 4, 2013
Messages
2,817
So this flu season sux - been out of the loop for a week. Where do we stand today with this nonsense? Last week it was "sorry Ivy Bridge users - no updates for you" Is that still the case, and if so, are we really facing a future where any misclick on a webpage could compromise the security of our PCs? It's just mind boggling to think about.
Worse. A few days ago, Microsoft issued a patch to roll back the patches that Intel released because the Intel patches were breaking more stuff than they fixed. So if you have a fully updated system, you have no protection against this. At least on a Windows Intel system.

Sad that script blockers are fast becoming the first and apparently the most effective line of defense against this crap.
 

heatlesssun

Extremely [H]
Joined
Nov 5, 2005
Messages
44,154
And the release of this high Exploit did not draw the attention of hackers and accelerate hack development targeting this specific vulnerability?
No doubt this disclosure did draw the attention of hackers. I'm just saying that there's no way to fix a problem this pervasive effectively before it being disclosed because of the level of testing involved. Trying to fix it under wraps effectively across all affected platforms simply isn't possible.
 

ChadD

Supreme [H]ardness
Joined
Feb 8, 2016
Messages
4,589
Releasing exploit data before there is a real fix.. way to go.
Well, when you tell companies about it months before you release it and they mostly put their fingers in their ears what are you to do... well they didn't just put their fingers in their ears. As I understand it some CEOs sold all their stock instead of driving the fixes out the door. lol
 

drescherjm

[H]F Junkie
Joined
Nov 19, 2008
Messages
14,748
I don't think everyone would want to use a raspberry pi to replace their desktop PC. AMD and Intel are both vulnerable and have been so to Spectre for every CPU sold in at least the last 2 decades. That is except for a few low power CPUs that don't use out of order execution.
 

ChadD

Supreme [H]ardness
Joined
Feb 8, 2016
Messages
4,589
Will anti-virus software not catch this?
Considering that these use legit features of your CPU.. unless your Anti virus is intercepting everything and preventing code from using those CPU functions. No, no AV will not catch this. Perhaps they can catch some specific bits of web script but I doubt there is much they can do outside the most common recycled type of malware. I believe heuristic type scanning would be useless.
 

BSmith

[H]ard|Gawd
Joined
Nov 9, 2017
Messages
1,323
You do know the cryptocrazies will be the first ones to take advantage of this? Everyone's computer will be mining for someone.

Just freaking awesome! Yes, I have firmly affixed my tin foil hat to me noggin, but now I wonder if the aluminum can be hacked!
 

Kongar

Gawd
Joined
Oct 25, 2004
Messages
730
Worse. A few days ago, Microsoft issued a patch to roll back the patches that Intel released because the Intel patches were breaking more stuff than they fixed. So if you have a fully updated system, you have no protection against this. At least on a Windows Intel system.

Sad that script blockers are fast becoming the first and apparently the most effective line of defense against this crap.
Thanks for the update - crazy stuff. Sucks that the patches were causing problems - but they'll get that sorted out. The real issue I can't come to grips with is that there's no fix coming for many modern-ish systems like my Ivy Bridge. I can't see my script blocker and my safe browsing habits being effective here. Every once in a while you have to turn scripts on because a website requires it, and if you're paranoid you'd do that in a virtual machine. But that doesn't even work in this case.

It's like my computers are destined to become part of a botnet no matter what I do. To fix, I just have to open up my wallet and buy a new gaming rig, a new laptop for the wife, a new HTPC for the home theater, and I can't do the old "hand me down" approach that works for so many families. Strange times indeed.
 

kju1

2[H]4U
Joined
Mar 27, 2002
Messages
3,152
Releasing exploit data before there is a real fix.. way to go.
Ever heard of a forcing function? Also Intel was informed before Spectre/Meltdown was publicized so I am not sure what your point is.

You do know the cryptocrazies will be the first ones to take advantage of this? Everyone's computer will be mining for someone.

Just freaking awesome! Yes, I have firmly affixed my tin foil hat to me noggin, but now I wonder if the aluminum can be hacked!
Your brain has already been hacked. Deal with it.
 

Chebsy

Gawd
Joined
Jan 24, 2013
Messages
523
Quote "Bleeping Computer is reporting that we may very soon see malware very soon that leverages both the Spectre and Meltdown vulnerabilities soon"

Couldn't you fit any more "soon's" in that sentence Kyle ?? ;);)
 

kju1

2[H]4U
Joined
Mar 27, 2002
Messages
3,152
Quote "Bleeping Computer is reporting that we may very soon see malware very soon that leverages both the Spectre and Meltdown vulnerabilities soon"

Couldn't you fit any more "soon's" in that sentence Kyle ?? ;);)
Soon he will be able to. Soon.
 

Schtask

Limp Gawd
Joined
Nov 29, 2011
Messages
436
And the release of this high Exploit did not draw the attention of hackers and accelerate hack development targeting this specific vulnerability?
Umm.... Yes. That's the point. From the beginning. Please believe that they wouldn't have publicly released the details if they thought it wasn't already being looked at by advanced threat actors. It's not like spectre / meltdown are the first iteration of this kind. AnC uses similar (but different) principles and that's almost two years old. Breaking ASLR and KASLR has always been a target. A big one. Spectre / Meltdown does this in a big way...but so do others.

All this being said... There are better methods out there that allow for credential harvesting. TAs know this...and will take the path of least resistance (usually).

In general, public release forces vendors to get their shit together and fix it. That's why it is done.
 

Schtask

Limp Gawd
Joined
Nov 29, 2011
Messages
436
Will anti-virus software not catch this?
Depends on the AV. If the exploits are deployed client side in a specific payload that has other functions...maybe. The raw script itself...Probably not since it exists in the lower rings.
 

Schtask

Limp Gawd
Joined
Nov 29, 2011
Messages
436
You do know the cryptocrazies will be the first ones to take advantage of this? Everyone's computer will be mining for someone.

Just freaking awesome! Yes, I have firmly affixed my tin foil hat to me noggin, but now I wonder if the aluminum can be hacked!
The type of attack you mentioned would gain very little if no benefit from Spectre / Meltdown. If you want to look at crypto mining based attacks, I would suggest starting with Adylkuzz.
 

Mega6

2[H]4U
Joined
Aug 13, 2017
Messages
2,735
Ever heard of a forcing function? Also Intel was informed before Spectre/Meltdown was publicized so I am not sure what your point is.
Because Intel was informed, the hacker community was therefore informed? Intel / Google / AMD have less than zero motivation to do anything but keep it under wraps. Plus the story breaking six months down the road shows that.
 

Lunas

[H]F Junkie
Joined
Jul 22, 2001
Messages
9,877
Is this Spectre / Meltdown fiasco known to kill SSD Drives? One of my 240gb drives just died :(
No but it does give an attacker full undetectable access to do whatever they wish...
 

Schtask

Limp Gawd
Joined
Nov 29, 2011
Messages
436
No but it does give an attacker full undetectable access to do whatever they wish...
From memory. Bandwidth is pretty low on these attacks, so it could take forever for them to find what they are looking for to begin with. That might improve over time though. Just too many unknowns right now to be absolutely sure.
 

WhoBeDaPlaya

2[H]4U
Joined
Dec 16, 2002
Messages
2,485
Makes finding our way through "DOWNLOAD NOW" buttons much more dangerous. Choose the correct button and win glorious prizes. Select any other wrong ones and you'll need to buy a new computer.
How else am I going to see Paris Hilton / <favorite fap bait> naked?
 

kju1

2[H]4U
Joined
Mar 27, 2002
Messages
3,152
How else am I going to see Paris Hilton / <favorite fap bait> naked?
Paris? Puhleeze she's on like every porn site out there...

Because Intel was informed, the hacker community was therefore informed? Intel / Google / AMD have less than zero motivation to do anything but keep it under wraps. Plus the story breaking six months down the road shows that.
Why does the hacker community need to be informed before a fix is in place? You specifically bitched about how the data was released before a fix. The vendors are responsible for the fixes not the "hacker community".

Also it "breaking six months down the road" shows nothing besides the individuals/companies that found it giving vendors 6 months of a head start to fix it.
 

Khahhblaab

Limp Gawd
Joined
Apr 23, 2017
Messages
481
The nature of this problem is so pervasive that getting fixes out across the board and doing adequate testing without the details of these issues being known simply isn't possible.
Yeah. Here is another place that is checking on the overall progress: https://blog.barkly.com/meltdown-spectre-patches-list-windows-update-help

Looks like microcode is buggy and browser updates don't remove all possibilities. Gonna take a while longer. Sucks that performance will take a hit.
 