Spectre, Meltdown Flaws Already Producing Spam

  /     /     /  
Publicated : 22/11/2024   Category : security


Spectre, Meltdown Flaws Already Producing Spam


Attackers are already flooding the web with fake patches and other spam, a few weeks after the disclosure of the Spectre and Meltdown flaws.



As if the Spectre and Meltdown vulnerabilities that were disclosed earlier this month werent bad enough, cybercriminals are already using the flaws to spread spam, as well as phony patches and updates, according to a European security agency.
Germanys
Federal Office for Security and IT
(BSI) has issued an alert warning about spam messages that are impersonating the security agency and appear to be related to updates regarding the Spectre and Meltdown flaws found in Intels x86 CPUs. (See
New Intel Vulnerability Hits Almost Everyone
.)
Specifically, BSI is warning that these spam messages point victims to a fake website that offers patches and other updates regarding the flaws. However, the site is actually equipped with malicious code that can infect a PC or other device, such as a smartphone.
The spam Spectre and Meltdown patching site in action

(Source:
Malwarebytes Labs
)
In its January 12 statement
, BSI notes these patch updates are not coming from the agency:

In the context of the recently announced Specter and Meltdown vulnerabilities, the BSI is currently monitoring a SPAM wave with alleged security warnings from the BSI. The recipients are prompted to perform security updates that can be retrieved using a link contained in the mail. The link leads to a fake website, which has similarity to the citizen website (www.bsi-fuer-buerger.de) of the BSI. The download of the alleged update leads to a malware infection of the computer or smartphone.

The biggest problem with what BSI is facing is that agency has been offering legitimate updates on the flaws, which can lead to some confusion for users once the spam starts to hit the web.
While this type of spam has only been spotted in Europe so far, its not hard to imagine it spready to the US, North America and the rest of the world, especially as the concerns about Spectre and Meltdown continue and Intel and some of its partners are finding it difficult to patch the flaw without serious performance issues. (See
Security Warning: Intel Inside
.)
In a blog post
, Malwarebytes Labs found the phishing site, as well as the so-called patch that the spam emails are advertising. Researchers found that those that click on the email actually download a piece a malware called
Smoke Loader
, which can retrieve additional payloads and will attempt to connect to various domains and send encrypted information.
Researchers also note that users shouldnt be fooled by websites using HTTPS as part of the domain since that only protects data transferring between a device and the site.
The presence of a certificate simply implies that the data that transits between your computer and the site is secure, but that has nothing to do with the intentions or content offered, which could be a total scam, according to the Malwarebytes post.
Related posts:
After Spectre & Meltdown, Intel Faces an Evil Maid Problem
A Necessary Security Slowdown
Meltdown & Spectre News Gets Worse – & Better
Unknown Document 739735
— Scott Ferguson, Editor,
Enterprise Cloud News
. Follow him on Twitter
@sferguson_LR
.

Last News

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Spectre, Meltdown Flaws Already Producing Spam