- Feb 4, 2016
- 2,520
There is no evidence in-the-wild malware is using Meltdown or Spectre
- Thread starter LASER_oneXM
- Start date
- Jul 1, 2017
- 1,396
Some even argue that Meltdown\Spectre might have already be exploited by nation-state security agencies for all anyone knows. And has been for years.
However, there is no evidence of anything.
So nobody should worry about it.
It is all FUD = fear, uncertainty, doubt. Which is different from our FUD = fully undetected.
- Dec 25, 2017
- 158
Nobody is claiming that article is bogus. All the OP posted was an article that states there is no evidence of active malware exploiting Meltdown\Spectre.
Read the article in the thread you posted. It doesn't claim any active malware exploiting Meltdown\Spectre either.
You have patched system ? Don't worry about it then. If not, then patch your system. And don't worry about it.
Most Average Joes would read the article you posted and instead of being informed would just end up with FUD = fear, uncertainty, doubt. It's no one's fault. It's just the way things are.
Then again nobody knows what to do with Intel, the OEMs, and other parties switching their stories and reversing themselves. Right ?
Last edited by a moderator:
Maybe that exploit was the reason why HP and lenovo added keylogger and junkware to send telemetry.
For sure nation states have exploited these flaws. Intel ME, AMT and similar technologies among "allied" country chip makers have been exploited.
All the spying the US rightly accuses China of, obviously it does the same and more. How the game is played, cast suspicions like that and corporate media goes wild and the sheep believe. This is why some agencies top secret crap is now impossible to hack...gone old school/typewriters.
All the spying the US rightly accuses China of, obviously it does the same and more. How the game is played, cast suspicions like that and corporate media goes wild and the sheep believe. This is why some agencies top secret crap is now impossible to hack...gone old school/typewriters.
There's no evidence of it being exploited in the wild and there's no evidence of it not being exploited in the wild. 
My personal opinion is that it has been exploited in the wild but only for advanced, professional attacks, probably carried out by government agencies - but this isn't factual just my thought. The vulnerabilities have existed for too long, and several researchers I know of have dipped their heads into the topics regarding these vulnerabilities as far back as even 2010-2013 IIRC. While they did not manage to do anything at the time, they were on a good track, and if they were investigating all that time ago... Who says other people weren't?
There are Proof-Of-Concept's in the wild for these vulnerabilities now however they won't be speedy operations and an attacker will need to be really patient to make use of any of it themselves in a real attack and make a benefit of their time with it.
I recon that the malware industry will keep focusing on ransomware and crypto-currency miners as they currently are over trying to leverage these vulnerabilities due to how these vulnerabilities actually work/performance for results and other factors, but that's just my opinion.
If there's no evidence to prove that the vulnerabilities have been proven in the wild then it's evident based on that research that they haven't been exploited in the wild however it's limited to the scope of the research. It's like me claiming that no cow has ever flown to Mars and back and came back with Mars milk. Well, no one is likely going to believe personally that it has happened and research may not provide evidence, but you still do not actually know if it has happened or not. Maybe one day a cow escaped from a farm, grew wings, flew to Mars and back and no one noticed....
...In the same sense that if these vulnerabilities were exploited in secret, don't you think the people responsible would be trying to keep it quiet? They aren't going to go make a post on their Free Weebly blog announcing to the whole world that they exploited Spectre back in 2014.
Anyway it also depends on the context used for the term "wild". If they are referring to home user market for malware then that's a huge difference in comparison to professional attacks aimed at large companies.
My personal opinion is that it has been exploited in the wild but only for advanced, professional attacks, probably carried out by government agencies - but this isn't factual just my thought. The vulnerabilities have existed for too long, and several researchers I know of have dipped their heads into the topics regarding these vulnerabilities as far back as even 2010-2013 IIRC. While they did not manage to do anything at the time, they were on a good track, and if they were investigating all that time ago... Who says other people weren't?
One of the Spectre vulnerabilities can be mitigated by using the LFENCE instruction. This type of variant works because the CPU executes calculations ahead-of-time even if in the end such instructions aren't needed to be executed, but the LFENCE instruction enforces the checks so the operation isn't executed unless it really must, instead of it being done ahead of time and maybe having been for nothing.
For example:
Now in terms of speculative execution, the calculations which should be done within the conditional statement (only if Flag == TRUE) may be performed in advance, even if Flag turns out not to be equal to TRUE. Which is why one of the Spectre vulnerabilities exists.
However the LFENCE instruction being used prevents this for that block by enforcing Flag to be TRUE and thus the calculation isn't performed unless it needs to be.
New Visual Studio update actually enforces auto-checks and inserts the instruction where vulnerable code is detected, allowing recompilation with the new configuration setting enabled, to improve protection of the developers software against Spectre (automatically).
LFENCE instruction basically causes a hold for memory loading operations until all checks which need to be performed before the LFENCE instruction should have been called are performed, stopping the operations in the conditional statement being executed until it's definite that Flag is TRUE.
For example:
Code:
BOOLEAN Flag = FALSE;
... do stuff with Flag
if(Flag)
{
.... do some calculations here using a pointer array or something
}Now in terms of speculative execution, the calculations which should be done within the conditional statement (only if Flag == TRUE) may be performed in advance, even if Flag turns out not to be equal to TRUE. Which is why one of the Spectre vulnerabilities exists.
However the LFENCE instruction being used prevents this for that block by enforcing Flag to be TRUE and thus the calculation isn't performed unless it needs to be.
New Visual Studio update actually enforces auto-checks and inserts the instruction where vulnerable code is detected, allowing recompilation with the new configuration setting enabled, to improve protection of the developers software against Spectre (automatically).
LFENCE instruction basically causes a hold for memory loading operations until all checks which need to be performed before the LFENCE instruction should have been called are performed, stopping the operations in the conditional statement being executed until it's definite that Flag is TRUE.
There are Proof-Of-Concept's in the wild for these vulnerabilities now however they won't be speedy operations and an attacker will need to be really patient to make use of any of it themselves in a real attack and make a benefit of their time with it.
I recon that the malware industry will keep focusing on ransomware and crypto-currency miners as they currently are over trying to leverage these vulnerabilities due to how these vulnerabilities actually work/performance for results and other factors, but that's just my opinion.
If there's no evidence to prove that the vulnerabilities have been proven in the wild then it's evident based on that research that they haven't been exploited in the wild however it's limited to the scope of the research. It's like me claiming that no cow has ever flown to Mars and back and came back with Mars milk. Well, no one is likely going to believe personally that it has happened and research may not provide evidence, but you still do not actually know if it has happened or not. Maybe one day a cow escaped from a farm, grew wings, flew to Mars and back and no one noticed....
...In the same sense that if these vulnerabilities were exploited in secret, don't you think the people responsible would be trying to keep it quiet? They aren't going to go make a post on their Free Weebly blog announcing to the whole world that they exploited Spectre back in 2014.
Anyway it also depends on the context used for the term "wild". If they are referring to home user market for malware then that's a huge difference in comparison to professional attacks aimed at large companies.
There's no evidence of it being exploited in the wild and there's no evidence of it not being exploited in the wild.
My personal opinion is that it has been exploited in the wild but only for advanced, professional attacks, probably carried out by government agencies - but this isn't factual just my thought. The vulnerabilities have existed for too long, and several researchers I know of have dipped their heads into the topics regarding these vulnerabilities as far back as even 2010-2013 IIRC. While they did not manage to do anything at the time, they were on a good track, and if they were investigating all that time ago... Who says other people weren't?
One of the Spectre vulnerabilities can be mitigated by using the LFENCE instruction. This type of variant works because the CPU executes calculations ahead-of-time even if in the end such instructions aren't needed to be executed, but the LFENCE instruction enforces the checks so the operation isn't executed unless it really must, instead of it being done ahead of time and maybe having been for nothing.
For example:
Code:BOOLEAN Flag = FALSE; ... do stuff with Flag if(Flag) { .... do some calculations here using a pointer array or something }
Now in terms of speculative execution, the calculations which should be done within the conditional statement (only if Flag == TRUE) may be performed in advance, even if Flag turns out not to be equal to TRUE. Which is why one of the Spectre vulnerabilities exists.
However the LFENCE instruction being used prevents this for that block by enforcing Flag to be TRUE and thus the calculation isn't performed unless it needs to be.
New Visual Studio update actually enforces auto-checks and inserts the instruction where vulnerable code is detected, allowing recompilation with the new configuration setting enabled, to improve protection of the developers software against Spectre (automatically).
LFENCE instruction basically causes a hold for memory loading operations until all checks which need to be performed before the LFENCE instruction should have been called are performed, stopping the operations in the conditional statement being executed until it's definite that Flag is TRUE.
There are Proof-Of-Concept's in the wild for these vulnerabilities now however they won't be speedy operations and an attacker will need to be really patient to make use of any of it themselves in a real attack and make a benefit of their time with it.
I recon that the malware industry will keep focusing on ransomware and crypto-currency miners as they currently are over trying to leverage these vulnerabilities due to how these vulnerabilities actually work/performance for results and other factors, but that's just my opinion.
If there's no evidence to prove that the vulnerabilities have been proven in the wild then it's evident based on that research that they haven't been exploited in the wild however it's limited to the scope of the research. It's like me claiming that no cow has ever flown to Mars and back and came back with Mars milk. Well, no one is likely going to believe personally that it has happened and research may not provide evidence, but you still do not actually know if it has happened or not. Maybe one day a cow escaped from a farm, grew wings, flew to Mars and back and no one noticed....
...In the same sense that if these vulnerabilities were exploited in secret, don't you think the people responsible would be trying to keep it quiet? They aren't going to go make a post on their Free Weebly blog announcing to the whole world that they exploited Spectre back in 2014.
Anyway it also depends on the context used for the term "wild". If they are referring to home user market for malware then that's a huge difference in comparison to professional attacks aimed at large companies.
All the nation-state hacking agencies are continuously screwing each other over - friend or foe (for lack of a better terminology; what else does one call it ?). There's no evidence of anything. Until a WikiLeak happens...
And they ain't doing it to steal some Bitcoin whale's Bitcoins.
Similar threads
