Researchers find malware samples that exploit Meltdown and Spectre

It was inevitable. Once Google published its findings for the Meltdown and Spectre vulnerabilities in CPUs, the bad guys used that as a roadmap to create their malware. And so far, researchers have found more than 130 malware samples designed to exploit Spectre and Meltdown.

If there is any good news, it’s that the majority of the samples appear to be in the testing phase, according to antivirus testing firm AV-TEST, or are based on proof-of-concept software created by security researchers. Still, the number is rising fast.

On January 17, AV-TEST reported that it had seen 77 malware samples. Six days later, that number had increased to 119, and by February 1, it was up to 139 samples.

The Meltdown and Spectre attack methods exploit a design flaw in branch prediction, where a CPU makes an educated guess about what it will compute or process next. They allow malicious applications to bypass memory isolation and access the contents of memory. While the contents cannot be altered or destroyed, they can be read, which is bad enough.
