
Adding Insult to Injury: Fake Spectre, Meltdown Patch Pushes Malware to Users

Raevenlord

News Editor
A Malwarebytes report calls attention to the latest occurrence of the inevitable trend that follows media coverage of a particular security vulnerability. As users' attention to the vulnerability is heightened, so is their search for a solution, for a way to reduce the risk of exposure. Hence, users search for patches; and hence, fake patches surface that take advantage of the more distracted, or less informed, of those who really just want to be left in peace.

Case in point: Malwarebytes has identified a recently registered domain that is specifically targeting German users (remember: you can be next; it only takes running the page through Google Translate for it to target you as well). The website offers an information page with various links to external resources about Meltdown and Spectre and how they affect processors, and appears to be affiliated with the German Federal Office for Information Security (BSI) - all good, right?

Except it really isn't; the affiliation is only apparent, and this is an SSL-enabled phishing site that lets users download a ZIP archive ("Intel-AMD-SecurityPatch-11-01bsi.zip") containing a so-called patch ("Intel-AMD-SecurityPatch-10-1-v1.exe"), which is really a piece of malware. Upon running it, users infect themselves with Smoke Loader, a piece of malware that can retrieve additional payloads. Post-infection traffic shows the malicious file attempting to connect to various domains and sending encrypted information. So you think you're becoming less vulnerable, when in reality... Ah, the beauty of adding insult to injury.
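The lure described above rests on two things: a government agency's name behind an HTTPS padlock on a domain that agency does not own, and a ZIP whose "patch" is a Windows executable. The script below is an added example written for this page (not code from Malwarebytes, TechPowerUp or BSI) that runs both checks on a download before anyone double-clicks it. The sample host name and the archive contents are constructed; only the file names and the .bid TLD come from the report and the thread, and treating *.bund.de as the only legitimate home for BSI downloads is the example's own assumption.

```python
"""Triage a downloaded "security patch" before running it.

Two checks, both motivated by the Malwarebytes write-up:
 1. the delivery URL: a host that trades on the BSI name but is not under *.bund.de;
 2. the archive: members that are Windows PE executables (MZ header) or scripts
    that Windows will run on double-click, shipped as a "patch".
"""
import io
import zipfile
from urllib.parse import urlparse

# Assumption of this example: BSI's real domain is bsi.bund.de, so anything
# using the agency name outside *.bund.de is treated as impersonation.
TRUSTED_SUFFIXES = (".bund.de",)

# Extensions Windows executes directly from a double-click.
PE_EXTS = (".exe", ".scr", ".dll")
SCRIPT_EXTS = (".bat", ".cmd", ".js", ".vbs", ".ps1")


def url_findings(url: str) -> list[str]:
    """Flag a download URL whose host borrows the BSI name from a domain BSI does not own.

    HTTPS is deliberately not a factor: a newly registered domain gets a valid
    certificate for free, so the padlock says nothing about who runs the site."""
    host = (urlparse(url).hostname or "").lower()
    if "bsi" in host and not host.endswith(TRUSTED_SUFFIXES):
        return [f"host {host!r} uses the BSI name but is not under *.bund.de"]
    return []


def archive_findings(zip_bytes: bytes) -> list[str]:
    """Flag ZIP members by content (MZ magic), not just by name."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            lower = name.lower()
            with zf.open(info) as fh:
                magic = fh.read(2)
            if magic == b"MZ":
                findings.append(f"{name}: PE executable (MZ header) shipped as a 'patch'")
            elif lower.endswith(PE_EXTS):
                findings.append(f"{name}: executable extension but no PE header (renamed file)")
            elif lower.endswith(SCRIPT_EXTS):
                findings.append(f"{name}: script that runs on double-click")
    return findings


def triage(url: str, zip_bytes: bytes) -> dict:
    """Any finding means: do not run it. No finding is 'review', not 'safe'."""
    findings = url_findings(url) + archive_findings(zip_bytes)
    return {"verdict": "block" if findings else "review", "findings": findings}


def build_sample_zip() -> bytes:
    """Constructed stand-in for the archive in the report: same member name,
    but the payload is a 64-byte dummy carrying only the 'MZ' magic, not malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Intel-AMD-SecurityPatch-10-1-v1.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("README.txt", "Run the patch to secure your CPU.\n")
    return buf.getvalue()


# Constructed URL: the .bid TLD and the agency name come from the thread; the host is made up.
SAMPLE_URL = "https://bsi-sicherheit.bid/Intel-AMD-SecurityPatch-11-01bsi.zip"

if __name__ == "__main__":
    result = triage(SAMPLE_URL, build_sample_zip())
    print(result["verdict"])
    for finding in result["findings"]:
        print(" -", finding)
```

On the sample input the verdict is "block" with two findings, one per check. The checks are a filter, not a proof of safety: a clean result only means "review", because the real Spectre/Meltdown mitigations arrived through Windows Update and OEM firmware (microcode) updates, never as a standalone executable in a ZIP from a third-party site.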

 
Why would you download it from anywhere else than from either Microsoft webpage or hardware manufacturer official page?
 
Because there are very uninformed people out there, or blind ones.
 
Why would you download it from anywhere else than from either Microsoft webpage or hardware manufacturer official page?
Because the majority of the people who use computers can just about handle turning it on and opening a browser.
 
Because the majority of the people who use computers can just about handle turning it on and opening a browser.

That's not true. They become absolute experts when it comes to disabling security measures and making sure they somehow manage to infect the system.
 
Why would you download it from anywhere else than from either Microsoft webpage or hardware manufacturer official page?
Case study: win-raid.com. People download whatever garbage is there with no care for the source. Motherboard manufacturer forums are full of users struggling with simple things; look back through their posts and you see downloads from garbage "get 'em here first beta" sites like that.
 
That's putting it nicely.... If I were allowed to retell some work stories about call-ins :kookoo:

You and I know where we came from brother lol
 
Why would you download it from anywhere else than from either Microsoft webpage or hardware manufacturer official page?
Because there are very uninformed people out there or blind
Because the majority of the people who use computers can just about handle turning it on and opening a browser.
Because it's using the government's name and HTTPS, exactly what people look for; the only thing wrong is the .bid domain.

Case study: win-raid.com. People download whatever garbage is there with no care for the source. Motherboard manufacturer forums are full of users struggling with simple things; look back through their posts and you see downloads from garbage "get 'em here first beta" sites like that.
Coincidentally, I ran into https://www.win-raid.com/t2739f44-OFFER-Gigabyte-GA-AX-Aorus-Gaming-BIOS-mod.html last night, the same guy that did the ASUS P5Q mods a decade ago (which were great, though I didn't need them on my mid-high P5Q-E); he is not posting on Gigabyte's forum out of frustration and being insulted (Gigabyte called him part of their 'community').

What site or forum do you suggest for user mods? Some game mods get posted on Reddit or Discord, some software mods on ngohq or Anand; there's little consistency.

Even on a major site with skilled users who have posted good mods, someone might appear with fake mods and a following of users without being banned by admins (I am very specifically thinking of a 'dellon' user on Guru3D posting modified Catalyst drivers that 'add support for old cards on new drivers'; given that I have to inspect driver files when I write my profiles list, I was quite familiar with ATI/AMD's DLLs, and I very much saw the BS that he did: he used old-version DLLs placed into new-version installers, identical file sizes and the loss of game profiles could be proven, yet he kept lying when called out; users kept saying things work, but of course they do not get the new per-game fixes, since the DLLs themselves are old, so it is completely placebo).
 