Spectre and Meltdown
<blockquote data-quote="Deleted member 65228" data-source="post: 712625"><p>I also want to iterate on a separate post (the original was quite large as it was) that malware authors are primarily interested in banking malware, ransomware, crypto-currency mining malware and adware.</p><p></p><p>You could say that Meltdown could have been extremely beneficial for banking malware development because it could allow an attacker to read memory belonging to browser processes (which would leak sensitive data potentially such as credentials) but such data would not be "clear" and it wouldn't be a fast process either. It'd be much simpler for an attacker to install a form-grabber/WebInject into the browser to target banking website credentials, or to just locate where saved passwords are stored and use the browser's own APIs for decryption (which is commonly done with Firefox for the record).</p><p></p><p>Ransomware is designed by default to demand a ransom in exchange for a decryption key, and to my surprise, it is true that you may get a decryption key back once you've paid the ransom. However, you can never trust someone who has infected your system and there's no guarantee. Some ransomware can be decrypted by a third-party due to a weak encryption algorithm or leaked keys which may potentially be valid for the affected files of yours, whereas some have no chance for decryption. Moving on, it's designed to encrypt files as quickly as possible and this in turn gets attackers a lot of money because people do give in depending on how important the data is, or out of fear... Which is a shame really because it's people who pay the ransom which encourage malware authors to stay interested in the ransomware business, and causes a rise of new developments for it.</p><p></p><p>Crypto-currency mining malware is a new one, and banking malware has also started to target crypto-currency wallets more and more. 
Crypto-currency mining is the act of using your system resources to generate income, and while I don't really understand how it works fully hence not being into crypto-currency (always thought it was the same as gambling to be honest), I know enough to know that it uses up system resources. Malware for crypto-currency mining will hide and try to use your system resources. If an attacker can get enough infections, they can be generating a lot of income each month depending on the life of the infection and the system resources the systems of infected persons have.</p><p></p><p>Adware is adware, I'm sure you're already very familiar with it. Adware tends to make money from data collection (usually illegal) and advertisements/additional installation bundling. It can make a lot of money for the big actors in the Adware business, which is a shame once again.</p><p></p><p>Those are some of the most prevalent threats out there, and crypto-currency mining malware is a new one recently on the rise in the game of malware development. I don't think Meltdown or Spectre will be a huge issue and I would be surprised if an attacker (especially a normal attacker who is developing for the home targets) will be capable of actually utilising it for true potential with all the recent patch updates and software updates to take on-board these vulnerabilities. It just won't be very effective in comparison to quickly stealing saved passwords on-disk among other things which is a lot faster and has a higher success ratio.</p><p></p><p>We also need to remember that home targeted malware is... home targeted malware. A majority of black-hats developing to attack home users aren't experienced and likely don't even know what they are doing. Do you know how common it is for samples in the wild to be relying on copy-pasted code? 
Many samples are full of bugs and vulnerabilities (which can be abused to help beat them for removal or in the case of ransomware, decrypt the affected files).</p><p></p><p>Unless you're a high value target you don't really need to worry, and even then, the likelihood is even an actor like Microsoft hasn't been targeted with Meltdown or Spectre exploitation in a malware package unless it was by a government state actor (which is unlikely because they could get data through other means, and also legally, and it'd be more effective that way).</p><p></p><p></p><p>Exactly.</p><p></p><p>We all have weaknesses because we are all human. Meltdown and Spectre could be similar to a fake job interview to steal your pitched ideas and make money before cutting you out of the picture, or someone claiming to be someone they aren't to grab personal information which can then be used for identity theft and thus lead to fraud (using real-life to do it).</p><p></p><p>Keep a system image backup/back up all your data, keep your software updated at all times (except for Windows update - waiting a week is fine IMO because sometimes faulty updates show up), don't be click-happy and have good security software relying on a layered combination to help combat any potential threats lurking if you get unlucky.</p></blockquote><p></p>