Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

ABTV //

Malware

1/17/2018
08:05 AM
Scott Ferguson
Scott Ferguson
News Analysis-Security Now
50%
50%

Spectre, Meltdown Flaws Already Producing Spam

Attackers are already flooding the web with fake patches and other spam, a few weeks after the disclosure of the Spectre and Meltdown flaws.

As if the Spectre and Meltdown vulnerabilities that were disclosed earlier this month weren't bad enough, cybercriminals are already using the flaws to spread spam, as well as phony patches and updates, according to a European security agency.

Germany's Federal Office for Security and IT (BSI) has issued an alert warning about spam messages that are impersonating the security agency and appear to be related to updates regarding the Spectre and Meltdown flaws found in Intel's x86 CPUs. (See New Intel Vulnerability Hits Almost Everyone.)

Specifically, BSI is warning that these spam messages point victims to a fake website that offers patches and other updates regarding the flaws. However, the site is actually equipped with malicious code that can infect a PC or other device, such as a smartphone.

In its January 12 statement, BSI notes these patch updates are not coming from the agency:

In the context of the recently announced "Specter" and "Meltdown" vulnerabilities, the BSI is currently monitoring a SPAM wave with alleged security warnings from the BSI. The recipients are prompted to perform security updates that can be retrieved using a link contained in the mail. The link leads to a fake website, which has similarity to the citizen website (www.bsi-fuer-buerger.de) of the BSI. The download of the alleged update leads to a malware infection of the computer or smartphone.

The biggest problem with what BSI is facing is that agency has been offering legitimate updates on the flaws, which can lead to some confusion for users once the spam starts to hit the web.

While this type of spam has only been spotted in Europe so far, it's not hard to imagine it spready to the US, North America and the rest of the world, especially as the concerns about Spectre and Meltdown continue and Intel and some of its partners are finding it difficult to patch the flaw without serious performance issues. (See Security Warning: Intel Inside.)

In a blog post, Malwarebytes Labs found the phishing site, as well as the so-called patch that the spam emails are advertising. Researchers found that those that click on the email actually download a piece a malware called Smoke Loader, which can retrieve additional payloads and will attempt to connect to various domains and send encrypted information.

Researchers also note that users shouldn't be fooled by websites using HTTPS as part of the domain since that only protects data transferring between a device and the site.

"The presence of a certificate simply implies that the data that transits between your computer and the site is secure, but that has nothing to do with the intentions or content offered, which could be a total scam," according to the Malwarebytes post.

Related posts:

— Scott Ferguson, Editor, Enterprise Cloud News. Follow him on Twitter @sferguson_LR.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-20001
PUBLISHED: 2020-08-04
An issue was discovered in RICOH Streamline NX Client Tool and RICOH Streamline NX PC Client that allows attackers to escalate local privileges.
CVE-2020-15467
PUBLISHED: 2020-08-04
The administrative interface of Cohesive Networks vns3:vpn appliances before version 4.11.1 is vulnerable to authenticated remote code execution leading to server compromise.
CVE-2020-5615
PUBLISHED: 2020-08-04
Cross-site request forgery (CSRF) vulnerability in [Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2020-5616
PUBLISHED: 2020-08-04
[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] fre...
CVE-2020-5617
PUBLISHED: 2020-08-04
Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors.