Spectre, Meltdown Flaws Already Producing Spam

Attackers are already flooding the web with fake patches and other spam, a few weeks after the disclosure of the Spectre and Meltdown flaws.

Scott Ferguson, Managing Editor, Light Reading

January 17, 2018

3 Min Read

As if the Spectre and Meltdown vulnerabilities that were disclosed earlier this month weren't bad enough, cybercriminals are already using the flaws to spread spam, as well as phony patches and updates, according to a European security agency.

Germany's Federal Office for Security and IT (BSI) has issued an alert warning about spam messages that are impersonating the security agency and appear to be related to updates regarding the Spectre and Meltdown flaws found in Intel's x86 CPUs. (See New Intel Vulnerability Hits Almost Everyone.)

Specifically, BSI is warning that these spam messages point victims to a fake website that offers patches and other updates regarding the flaws. However, the site is actually equipped with malicious code that can infect a PC or other device, such as a smartphone.

The spam Spectre and Meltdown patching site in action\r\n(Source: Malwarebytes Labs)\r\n

The spam Spectre and Meltdown patching site in action
\r\n(Source: Malwarebytes Labs)\r\n

In its January 12 statement, BSI notes these patch updates are not coming from the agency:

"In the context of the recently announced "Specter" and "Meltdown" vulnerabilities, the BSI is currently monitoring a SPAM wave with alleged security warnings from the BSI. The recipients are prompted to perform security updates that can be retrieved using a link contained in the mail. The link leads to a fake website, which has similarity to the citizen website (www.bsi-fuer-buerger.de) of the BSI. The download of the alleged update leads to a malware infection of the computer or smartphone."

The biggest problem with what BSI is facing is that agency has been offering legitimate updates on the flaws, which can lead to some confusion for users once the spam starts to hit the web.

While this type of spam has only been spotted in Europe so far, it's not hard to imagine it spready to the US, North America and the rest of the world, especially as the concerns about Spectre and Meltdown continue and Intel and some of its partners are finding it difficult to patch the flaw without serious performance issues. (See Security Warning: Intel Inside.)

In a blog post, Malwarebytes Labs found the phishing site, as well as the so-called patch that the spam emails are advertising. Researchers found that those that click on the email actually download a piece a malware called Smoke Loader, which can retrieve additional payloads and will attempt to connect to various domains and send encrypted information.

Researchers also note that users shouldn't be fooled by websites using HTTPS as part of the domain since that only protects data transferring between a device and the site.

"The presence of a certificate simply implies that the data that transits between your computer and the site is secure, but that has nothing to do with the intentions or content offered, which could be a total scam," according to the Malwarebytes post.

Related posts:

— Scott Ferguson, Editor, Enterprise Cloud News. Follow him on Twitter @sferguson_LR.

Read more about:

Security Now

About the Author

Scott Ferguson

Managing Editor, Light Reading

Prior to joining Enterprise Cloud News, he was director of audience development for InformationWeek, where he oversaw the publications' newsletters, editorial content, email and content marketing initiatives. Before that, he served as editor-in-chief of eWEEK, overseeing both the website and the print edition of the magazine. For more than a decade, Scott has covered the IT enterprise industry with a focus on cloud computing, datacenter technologies, virtualization, IoT and microprocessors, as well as PCs and mobile. Before covering tech, he was a staff writer at the Asbury Park Press and the Herald News, both located in New Jersey. Scott has degrees in journalism and history from William Paterson University, and is based in Greater New York.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights