February 1, 2018 by

Researchers Discover 119 Meltdown, Spectre Malware Variants in the Wild

More than a hundred malware samples built on the publicly released proof-of-concept (PoC) code for the widespread Meltdown and Spectre CPU flaws have been spotted in the wild.

Researchers at Fortinet uncovered a total of 119 malware samples associated with the Meltdown and Spectre flaws between January 7 and 22 alone. On analysis, every one of them turned out to be derived from the previously released proof-of-concept code.

“One of the key challenges with addressing the Meltdown and Spectre vulnerabilities – besides the fact that the affected chips are already embedded in millions of devices running in home or production environments – is that developing a patch that resolves their exposed side-channel issues is extremely complicated,” researchers wrote. 

For instance, Intel had to withdraw its most recent microcode update after a side effect sent some systems into a reboot loop once the update was applied.

Further, Intel's microcode updates normally reach end users only after OEM hardware vendors integrate them into firmware (BIOS/UEFI) updates and ship those for each product line (operating systems can also load microcode at boot, but only for the CPUs they carry an update for). There is a very real possibility of OEMs issuing firmware updates for their latest hardware while leaving older devices behind, so a large share of the laptops, PCs and mobile devices currently in use may never receive the microcode fixes.
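A practitioner's first question after reading the above is whether a given host actually received the fixes. On Linux (kernel 4.15 and later) the kernel reports this itself through one file per issue under /sys/devices/system/cpu/vulnerabilities/, each reading "Not affected", "Vulnerable" or "Mitigation: <name>"; a kernel that has been patched but runs on hardware whose OEM never shipped new microcode typically still shows spectre_v2 as vulnerable. The script below is an added example (not code from the article, Fortinet or Intel) that reads and classifies those files; the sample status lines are constructed for illustration, and treating a missing interface as "vulnerable" is an assumption chosen so the check fails closed.

```python
"""Report Meltdown/Spectre mitigation status from the Linux kernel's sysfs
interface.  Added example, not code from the article or from Fortinet.

Since Linux 4.15 the kernel exposes /sys/devices/system/cpu/vulnerabilities/
with one file per issue.  Each file holds a single line such as
"Not affected", "Vulnerable", "Vulnerable: Minimal generic ASM retpoline"
or "Mitigation: PTI".  Only lines beginning with "Mitigation:" mean the
kernel considers the host protected.
"""
import os
from typing import Dict, List

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

# The three issues discussed in the article.  Newer kernels add more files
# (l1tf, mds, ...); read_sysfs() picks those up too and they are classified
# the same way.
ISSUES = ("meltdown", "spectre_v1", "spectre_v2")


def classify(status: str) -> str:
    """Map one sysfs status line to 'not_affected', 'mitigated' or 'vulnerable'.

    Anything that is not an explicit "Not affected" or "Mitigation: ..." line
    (including "Vulnerable: <partial mitigation>" and empty text) counts as
    vulnerable, so a parsing surprise fails closed instead of hiding an
    unpatched host.
    """
    s = status.strip()
    if s == "Not affected":
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    return "vulnerable"


def summarize(entries: Dict[str, str]) -> Dict[str, str]:
    """Classify every issue.  Issues from ISSUES that are absent from
    `entries` are reported as vulnerable (assumption: no status means the
    kernel predates the mitigation and cannot have applied it)."""
    return {issue: classify(entries.get(issue, ""))
            for issue in set(ISSUES) | set(entries)}


def unmitigated(entries: Dict[str, str]) -> List[str]:
    """Sorted list of issues the host is still exposed to."""
    return sorted(issue for issue, state in summarize(entries).items()
                  if state == "vulnerable")


def read_sysfs(path: str = SYSFS_DIR) -> Dict[str, str]:
    """Read every file in the kernel's vulnerabilities directory.

    Returns an empty dict when the directory does not exist (pre-4.15 kernel
    or a non-Linux OS); summarize() then reports every issue as vulnerable.
    """
    entries: Dict[str, str] = {}
    if not os.path.isdir(path):
        return entries
    for name in os.listdir(path):
        try:
            with open(os.path.join(path, name), encoding="ascii") as fh:
                entries[name] = fh.read()
        except OSError:
            # Unreadable entry: leaving it out makes it count as vulnerable.
            continue
    return entries


# Constructed sample (not captured from a real host): a kernel that carries
# page-table isolation and the spectre_v1 fix, but no microcode or retpoline
# support for spectre_v2.  This is what "patched kernel, OEM never shipped
# new firmware" looks like.
SAMPLE_PATCHED_KERNEL_NO_MICROCODE = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Mitigation: __user pointer sanitization\n",
    "spectre_v2": "Vulnerable\n",
}


if __name__ == "__main__":
    live = read_sysfs()
    for issue, state in sorted(summarize(live).items()):
        print(f"{issue:12s} {state:13s} {live.get(issue, '').strip()}")
    exposed = unmitigated(live)
    print("still exposed:", ", ".join(exposed) if exposed else "none")
```

A "Mitigation:" line for spectre_v2 does not by itself prove new microcode arrived: retpoline is a compiler-level fix, and the kernel reports it as a mitigation whether or not IBRS/IBPB microcode is present. Treat this script as the quick triage step and confirm microcode revision via `dmesg | grep microcode` or `/proc/cpuinfo` where it matters.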

Antivirus products offer a partial safeguard against these malware strains. When a vendor obtains a new sample from the wild, it analyzes the sample and issues a detection signature for it; the next antivirus update then lets vulnerable computers block that strain before it spreads and causes real damage. The limits are the usual ones of signature-based detection: the signature matches the known sample, not the underlying side channel, so a re-packed or newly written variant is not caught until it too has been collected, and the first wave of victims, potentially thousands of users, is hit before vendors pick up the strain and mark it for blocking.

A list of the Meltdown/Spectre malware signatures, as delivered by Fortinet, reads:

Riskware/POC_Spectre

W64/Spectre.B!exploit

Riskware/SpectrePOC

Riskware/MeltdownPOC

W32/Meltdown.7345!tr

W32/Meltdown.3C56!tr

W32/Spectre.2157!tr

W32/Spectre.4337!tr

W32/Spectre.3D5A!tr

W32/Spectre.82CE!tr

W32/MeltdownPOC


About the author


LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
