Meltdown, Spectre Malware Samples Emerge, Though Few Attacks Follow

Four weeks after critical CPU vulnerabilities were first publicly disclosed, security vendors aren't currently seeing any widespread attacks.

AV-TEST Meltdown Spectre

The Meltdown and Spectre CPU vulnerabilities were first publicly disclosed four weeks ago on Jan. 3, triggering a panicked volume of patching by both silicon and software vendors. But what actually is the risk and are there any known malware attacks that are exploiting the Meltdown and Spectre vulnerabilities today?

First the bad news, there are in fact publicly reported instances of malware samples that attempt to exploit the Meltdown and Spectre vulnerabilities. Security testing firm AV-Test reported on Feb. 1 that to date it has seen 139 malware samples related to Meltdown and Spectre.

The good news though is that there currently are not any widespread publicly disclosed malware attack campaigns that are using the Meltdown or Spectre vulnerabilities and multiple security vendors have active detection capabilities in place.

The Meltdown flaw, identified as CVE-2017-5754, affects Intel CPUs while Spectre, known as CVE-2017-5753 and CVE-2017-5715, impacts all modern processors, including ones from Intel, Advanced Micro Devices (AMD) and ARM. The vulnerabilities could potentially enable an attacker to be able to read privileged information from system memory.

The volume of Meltdown and Spectre malware samples publicly reported by AV-Test is still only a small portion of the total volume of new malware samples seen by security vendors every day. 

"There is no real spike, AV-Test reported seeing around 139 samples so far related to the vulnerability, which is very little if we consider that we at Avast see tens of thousands of new malicious files per day," Michal Salat, Threat Intelligence Director at Avast, told eWEEK. "Avast has been actively seeking samples and we have received samples from AV-Test, but, so far, they seem to just be variations of the proof of concept code."

At McAfee, the security vendor is seeing even more malware sample related to Meltdown and Spectre than what AV-Test is publicly reporting.

"We are aware that there are multiple samples that have been identified as leveraging the variants listed under Meltdown and Spectre," Raj Samani, Chief Scientist at McAfee, told eWEEK. "In fact the number of samples to date we believe are in excess of 400, and Spectre appears to be more dominant than Meltdown."

Though there are malware samples that make use of the Meltdown and Spectre vulnerabilities, attacks using those vulnerabilities are not currently widespread. There was some initial trouble with anti-virus technologies being installed on Microsoft Windows operating systems, but that has largely now been resolved as well.

"Avast is actively monitoring the situation and has taken all necessary steps to allow installation of the respective patches," Salat said. "So far, we haven't seen any real malware misusing the exploits."

At McAfee, Samani said that for the Meltdown and Spectre malware samples that have been identified, McAfee has confirmed that it has proper detection capabilities in place. According to Samani, it appears that the countries which are being targeted with the Meltdown and Spectre samples are predominantly Western Europe and the United States.  

"However, a large number of applications in the wild using the Spectre and Meltdown techniques are related to the security research community and do not pose a direct risk to organizations," Samani said. "We will continue to leverage our global research footprint for emerging techniques and implement protection for our customers."

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.