Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

ABTV //

Malware

// // //
1/17/2018
08:05 AM
Scott Ferguson
Scott Ferguson
News Analysis-Security Now

Spectre, Meltdown Flaws Already Producing Spam

Attackers are already flooding the web with fake patches and other spam, a few weeks after the disclosure of the Spectre and Meltdown flaws.

As if the Spectre and Meltdown vulnerabilities that were disclosed earlier this month weren't bad enough, cybercriminals are already using the flaws to spread spam, as well as phony patches and updates, according to a European security agency.

Germany's Federal Office for Security and IT (BSI) has issued an alert warning about spam messages that are impersonating the security agency and appear to be related to updates regarding the Spectre and Meltdown flaws found in Intel's x86 CPUs. (See New Intel Vulnerability Hits Almost Everyone.)

Specifically, BSI is warning that these spam messages point victims to a fake website that offers patches and other updates regarding the flaws. However, the site is actually equipped with malicious code that can infect a PC or other device, such as a smartphone.

The spam Spectre and Meltdown patching site in action\r\n(Source: Malwarebytes Labs)\r\n
The spam Spectre and Meltdown patching site in action
\r\n(Source: Malwarebytes Labs)\r\n

In its January 12 statement, BSI notes these patch updates are not coming from the agency:

In the context of the recently announced "Specter" and "Meltdown" vulnerabilities, the BSI is currently monitoring a SPAM wave with alleged security warnings from the BSI. The recipients are prompted to perform security updates that can be retrieved using a link contained in the mail. The link leads to a fake website, which has similarity to the citizen website (www.bsi-fuer-buerger.de) of the BSI. The download of the alleged update leads to a malware infection of the computer or smartphone.

The biggest problem with what BSI is facing is that agency has been offering legitimate updates on the flaws, which can lead to some confusion for users once the spam starts to hit the web.

While this type of spam has only been spotted in Europe so far, it's not hard to imagine it spready to the US, North America and the rest of the world, especially as the concerns about Spectre and Meltdown continue and Intel and some of its partners are finding it difficult to patch the flaw without serious performance issues. (See Security Warning: Intel Inside.)

In a blog post, Malwarebytes Labs found the phishing site, as well as the so-called patch that the spam emails are advertising. Researchers found that those that click on the email actually download a piece a malware called Smoke Loader, which can retrieve additional payloads and will attempt to connect to various domains and send encrypted information.

Researchers also note that users shouldn't be fooled by websites using HTTPS as part of the domain since that only protects data transferring between a device and the site.

"The presence of a certificate simply implies that the data that transits between your computer and the site is secure, but that has nothing to do with the intentions or content offered, which could be a total scam," according to the Malwarebytes post.

Related posts:

— Scott Ferguson, Editor, Enterprise Cloud News. Follow him on Twitter @sferguson_LR.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Promise and Reality of Cloud Security
Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises address the associated security risks. This report - a compilation of cutting-edge Black Hat research, in-depth Omdia analysis, and comprehensive Dark Reading reporting - explores how cloud security is rapidly evolving.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-45786
PUBLISHED: 2023-02-04
There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition ...
CVE-2023-22849
PUBLISHED: 2023-02-04
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling Ap...
CVE-2023-25193
PUBLISHED: 2023-02-04
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
CVE-2023-0676
PUBLISHED: 2023-02-04
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.
CVE-2023-0677
PUBLISHED: 2023-02-04
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.