Meltdown and Spectre malware being picked up by anti-virus software firms

Cyber crooks have started experimenting with Meltdown and Spectre malware

Security researchers have been picking up a series of malware samples seeking to exploit the Meltdown and Spectre security flaws.

Researchers at AV-TEST, Fortinet and Minerva Labs believe that hackers are exploring ways to make use of the publicly available proof-of-concept (PoC) code for Meltdown and Spectre.

Individuals began creating malware samples after the researchers who discovered the Meltdown and Spectre vulnerabilities published the PoC code online.


Although no attacks have been recorded yet, the findings indicate that cyber gangs are already working on exploits that could work in the real world. According to Fortinet, most of the samples picked up so far have been based on the PoC code that was released alongside the disclosure to demonstrate the Meltdown and Spectre flaws.

The company added that it has been monitoring cyber crime gangs who may use the security flaws to launch new attacks on key targets.

"Earlier this month, three major chip manufacturers announced that vulnerabilities known as Meltdown and Spectre (CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754) affected processors deployed in millions of devices," said the company.

"For the past year or so, FortiGuard Labs has been tracking the efforts of cybercriminals to develop new attacks designed to exploit known vulnerabilities.

"As detailed in our Fortinet Threat Report for the second quarter of 2017, a full 90 per cent of organisations recorded exploits for vulnerabilities that were three or more years old. Even 10+ years after a flaw's release, 60 per cent of firms still see related attacks."

Fortinet cited research conducted at the independent security organisation AV-TEST, which has come across 119 malware samples that leverage the CPU flaws.

"We aren't the only ones concerned. Others in the cybersecurity community have clearly taken notice, because between January 7 and January 22 the research team at AV-TEST discovered 119 new samples associated with these vulnerabilities," said Fortinet.

"FortiGuard Labs has analysed all of the publicly available samples, representing about 83 per cent of all the samples that have been collected, and determined that they were all based on proof of concept code.

"The other 17 per cent may have not been shared publicly because they were either under NDA [non-disclosure agreement] or were unavailable for reasons unknown to us."