Windows 10: Windows Meltdown-Spectre: Watch out for fake patches that spread malware


       17 Jan 2018 #1


    Windows Meltdown-Spectre: Watch out for fake patches that spread malware

    PC users already have to contend with buggy Meltdown and Spectre patches. But now they also need to be wary of cybercriminals exploiting uncertainty about the fixes and where to get them.
    Jérôme Segura, a researcher at Malwarebytes, says the phishing site's link leads to the installation of malware known as Smoke Loader, which can install other malware.
    As with many phishing sites these days, the fake BSI page was SSL-enabled, meaning victims could be duped by seeing the secure padlock symbol in their browser's address bar next to the HTTPS address.
    "Online criminals are notorious for taking advantage of publicized events and rapidly exploiting them, typically via phishing campaigns," wrote Segura.

    "This particular one is interesting because people were told to apply a patch, which is exactly what the crooks are offering under disguise."

    He added that HTTPS links aren't necessarily trustworthy. A recent report from security firm PhishLabs showed that HTTPS adoption by phishing sites is actually increasing faster than the general web.

    In the third quarter of 2017, a quarter of all phishing sites used HTTPS, up from three percent a year ago. Phishers are adopting HTTPS, even though it's not necessary for the task, but rather because the additional security gives the impression of legitimacy.
    Windows Meltdown-Spectre: Watch out for fake patches that spread malware | ZDNet

    A fake patch for the massive Spectre and Meltdown chip flaws is actually a front for a piece of malware called Smoke Loader. A fake website that claims to be part of the German Federal Office for Information Security (BSI) is associated with Smoke Loader, according to a Malwarebytes blog post.

    In recent years, social engineering efforts by cyber criminals have leveraged headline-grabbing issues in an attempt to infect users. This is especially true of high-profile vulnerabilities. Fake patches and fixes were rampant after the critical WannaCry ransomware attack, so it was only a matter of time before Spectre and Meltdown were used by criminals too.
    Once a user is directed to the fake site, the Malwarebytes post said, they will find a download link to a ZIP archive titled Intel-AMD-SecurityPatch-11-01bsi.zip. This contains a "so-called patch (Intel-AMD-SecurityPatch-10-1-v1.exe), which really is a piece of malware," the post said.

    If a user were to download and run the fake patch, they'd be infected with the Smoke Loader malware. Smoke Loader can retrieve additional payloads, and traffic analyzed by Malwarebytes seems to show it trying to connect to other domains and send encrypted data.
    This fake Spectre/Meltdown patch will infect your PC with malware - TechRepublic
    Last edited by Borg 386; 17 Jan 2018 at 09:39.