Wednesday, January 17th 2018
Adding Insult to Injury: Fake Spectre, Meltdown Patch Pushes Malware to Users
A Malwarebytes report calls attention to the latest occurrence in the inevitable trend that ensues whenever a particular security vulnerability is given coverage by the media. As users' attention to the vulnerability is heightened, so is their search for a solution, for a way to reduce the risk of exposure. Hence, users search for patches; and hence, some fake patches surface that take advantage of the more distracted, or less informed, of those who really just want to be left in peace.
Case in point: Malwarebytes has identified a recently-registered domain that is particularly targeting German users (remember: you can be next; it's just a matter of Google translating the page for it to be targeting you as well). The website is offering an information page with various links to external resources about Meltdown and Spectre and how they affect processors, and is affiliated with the German Federal Office for Information Security (BSI) - all good, right? Except it really isn't; its affiliation is only apparent, and this is an SSL-enabled phishing site that allows users to download a ZIP archive ("Intel-AMD-SecurityPatch-11-01bsi.zip") containing a so-called patch ("Intel-AMD-SecurityPatch-10-1-v1.exe"), which really is a piece of malware. Upon running it, users will infect themselves with Smoke Loader, a piece of malware that can retrieve additional payloads. Post-infection traffic shows the malicious file attempting to connect to various domains and sending encrypted information. So you think you're becoming less vulnerable, when in reality... Ah, the beauty of adding insult to injury.
Source: Malwarebytes blog
9 Comments on Adding Insult to Injury: Fake Spectre, Meltdown Patch Pushes Malware to Users
what site or forum do you suggest for user mods? some game mods get posted on reddit or discord, some software mods on ngohq or anand, there's little consistency
even on a major site with skilled users that have posted good mods, someone might appear with fake mods & a following of users, without being banned by admins (i am very specifically thinking of a 'dellon' user on guru3d posting modified catalyst drivers that 'add support for old cards on new drivers'... given that i have to inspect driver files when i write my profiles list, i was quite familiar with ati/amd's dlls, i very much saw the bs that he did, he used old version dlls placed into new version installers, identical filesizes & loss of game profiles could be proven, yet he kept lying when called out, users kept saying things work, but they of course do not get the new per game fixes since the dlls themselves are old, completely placebo)