• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Adding Insult to Injury: Fake Spectre, Meltdown Patch Pushes Malware to Users

Raevenlord

News Editor
Joined
Aug 12, 2016
Messages
3,755 (1.24/day)
Location
Portugal
System Name The Ryzening
Processor AMD Ryzen 9 5900X
Motherboard MSI X570 MAG TOMAHAWK
Cooling Lian Li Galahad 360mm AIO
Memory 32 GB G.Skill Trident Z F4-3733 (4x 8 GB)
Video Card(s) Gigabyte RTX 3070 Ti
Storage Boot: Transcend MTE220S 2TB, Kintson A2000 1TB, Seagate Firewolf Pro 14 TB
Display(s) Acer Nitro VG270UP (1440p 144 Hz IPS)
Case Lian Li O11DX Dynamic White
Audio Device(s) iFi Audio Zen DAC
Power Supply Seasonic Focus+ 750 W
Mouse Cooler Master Masterkeys Lite L
Keyboard Cooler Master Masterkeys Lite L
Software Windows 10 x64
A Malwarebytes report calls attention to the latest occurrence in the inevitable trend that that ensues a particular security vulnerability being given coverage by the media. As users' attention to the vulnerability is heightened, so is their search for a solution, for a way to reduce the risk of exposition. Hence, users search for patches; and hence, some fake patches surface that take advantage of the more distracted, or less informed, of those who really just want to be left at peace.

Case in point: Malwarebytes has identified a recently-registered domain that is particularly targeting German users (remember: you can be next; it's just a matter of Google translating the page for it be targeting you as well). The website is offering an information page with various links to external resources about Meltdown and Spectre and how it affects processors, and is affiliated with the German Federal Office for Information Security (BSI) - all good, right?






Expect it really isn't; its affiliation is only apparent, and this is an SSL-enabled phishing site that allows users to download a ZIP archive ("Intel-AMD-SecurityPatch-11-01bsi.zip") containing a so-called patch ("Intel-AMD-SecurityPatch-10-1-v1.exe"), which really is a piece of malware. Upon running it, users will infect themselves with Smoke Loader, a piece of malware that can retrieve additional payloads. Post-infection traffic shows the malicious file attempting to connect to various domains and sending encrypted information. So you think you're becoming less vulnerable, when in reality... Ah, the beauty of adding insult to injury.



View at TechPowerUp Main Site
 
Joined
Oct 2, 2004
Messages
13,791 (1.88/day)
Why would you download it from anywhere else than from either Microsoft webpage or hardware manufacturer official page?
 

eidairaman1

The Exiled Airman
Joined
Jul 2, 2007
Messages
42,055 (6.62/day)
Location
Republic of Texas (True Patriot)
System Name PCGOD
Processor AMD FX 8350@ 5.0GHz
Motherboard Asus TUF 990FX Sabertooth R2 2901 Bios
Cooling Scythe Ashura, 2×BitFenix 230mm Spectre Pro LED (Blue,Green), 2x BitFenix 140mm Spectre Pro LED
Memory 16 GB Gskill Ripjaws X 2133 (2400 OC, 10-10-12-20-20, 1T, 1.65V)
Video Card(s) AMD Radeon 290 Sapphire Vapor-X
Storage Samsung 840 Pro 256GB, WD Velociraptor 1TB
Display(s) NEC Multisync LCD 1700V (Display Port Adapter)
Case AeroCool Xpredator Evil Blue Edition
Audio Device(s) Creative Labs Sound Blaster ZxR
Power Supply Seasonic 1250 XM2 Series (XP3)
Mouse Roccat Kone XTD
Keyboard Roccat Ryos MK Pro
Software Windows 7 Pro 64
Because there are very uninformed people out there or blind
 

rtwjunkie

PC Gaming Enthusiast
Supporter
Joined
Jul 25, 2008
Messages
13,987 (2.35/day)
Location
Louisiana
Processor Core i9-9900k
Motherboard ASRock Z390 Phantom Gaming 6
Cooling All air: 2x140mm Fractal exhaust; 3x 140mm Cougar Intake; Enermax ETS-T50 Black CPU cooler
Memory 32GB (2x16) Mushkin Redline DDR-4 3200
Video Card(s) ASUS RTX 4070 Ti Super OC 16GB
Storage 1x 1TB MX500 (OS); 2x 6TB WD Black; 1x 2TB MX500; 1x 1TB BX500 SSD; 1x 6TB WD Blue storage (eSATA)
Display(s) Infievo 27" 165Hz @ 2560 x 1440
Case Fractal Design Define R4 Black -windowed
Audio Device(s) Soundblaster Z
Power Supply Seasonic Focus GX-1000 Gold
Mouse Coolermaster Sentinel III (large palm grip!)
Keyboard Logitech G610 Orion mechanical (Cherry Brown switches)
Software Windows 10 Pro 64-bit (Start10 & Fences 3.0 installed)
Why would you download it from anywhere else than from either Microsoft webpage or hardware manufacturer official page?
Because the majority of the people who use computers can just about handle turning it on and opening a browser.
 
Joined
Feb 11, 2012
Messages
1,486 (0.32/day)
Location
Anchorage Alaska
System Name Matter's / Helios 300 Predator
Processor Ryzen 7 2700 / i7 7700HQ
Motherboard B450 Tomahawk / Acer Helios 300 Predator
Cooling Arctic Freezer eSports Duo
Memory Patriot Viper ddr4 32gb / 32gb gskill ddr4
Video Card(s) MSI RTX 2080 Super Ventus OC / GTX 1060 6gb
Storage Patriot Viper nvme M2, crucial MX300 275gb, Samsung 860 qvo 1tb
Display(s) Acer 24" 1080p / 15.6 1080p HD
Case Antec 300 / Acer Helios 300 Predator
Audio Device(s) On Board - Steel Series Arctis Pro Wireless Cans
Power Supply Antec 850watt high current pro
Mouse Steel series Rival 600
Keyboard Corsair K70 / Acer Helios 300 Predator
Software Win 10 Pro / Win 10 Home
Joined
Apr 10, 2013
Messages
302 (0.07/day)
Location
Michigan, USA
Processor AMD 1700X
Motherboard Crosshair VI Hero
Memory F4-3200C14D-16GFX
Video Card(s) GTX 1070
Storage 960 Pro
Display(s) PG279Q
Case HAF X
Power Supply Silencer MK III 850
Mouse Logitech G700s
Keyboard Logitech G105
Software Windows 10
Why would you download it from anywhere else than from either Microsoft webpage or hardware manufacturer official page?
Case study: win-raid.com. people download whatever garbage there with no care for source. Motherboard mfg forums are full of users struggling with simple things; look back through their posts and you see downloads from garbage "get em here first beta" sites like that.
 

eidairaman1

The Exiled Airman
Joined
Jul 2, 2007
Messages
42,055 (6.62/day)
Location
Republic of Texas (True Patriot)
System Name PCGOD
Processor AMD FX 8350@ 5.0GHz
Motherboard Asus TUF 990FX Sabertooth R2 2901 Bios
Cooling Scythe Ashura, 2×BitFenix 230mm Spectre Pro LED (Blue,Green), 2x BitFenix 140mm Spectre Pro LED
Memory 16 GB Gskill Ripjaws X 2133 (2400 OC, 10-10-12-20-20, 1T, 1.65V)
Video Card(s) AMD Radeon 290 Sapphire Vapor-X
Storage Samsung 840 Pro 256GB, WD Velociraptor 1TB
Display(s) NEC Multisync LCD 1700V (Display Port Adapter)
Case AeroCool Xpredator Evil Blue Edition
Audio Device(s) Creative Labs Sound Blaster ZxR
Power Supply Seasonic 1250 XM2 Series (XP3)
Mouse Roccat Kone XTD
Keyboard Roccat Ryos MK Pro
Software Windows 7 Pro 64
that's putting it nice.... If I were allowed to retell some work stories about call ins :kookoo:

You and I know where we came from brother lol
 
Joined
Feb 9, 2009
Messages
1,618 (0.28/day)
Why would you download it from anywhere else than from either Microsoft webpage or hardware manufacturer official page?
Because there are very uninformed people out there or blind
Because the majority of the people who use computers can just about handle turning it on and opening a browser.
because it's using the gov's name & https, exactly what people look for, the only thing wrong is the .bid domain

Case study: win-raid.com. people download whatever garbage there with no care for source. Motherboard mfg forums are full of users struggling with simple things; look back through their posts and you see downloads from garbage "get em here first beta" sites like that.
coincidentally i ran into https://www.win-raid.com/t2739f44-OFFER-Gigabyte-GA-AX-Aorus-Gaming-BIOS-mod.html last night, the same guy that did the asus p5q mods a decade ago (that were great, though i didnt need them on my mid-high p5q-e), he is not posting on gigabyte's forum out of frustration & being insulted (gigabyte called him part of their 'community')

what site or forum do you suggest for user mods? some game mods get posted on reddit or discord, some software mods on ngohq or anand, there's little consistensy

even on a major site with skilled users that have posted good mods, someone might appear with fake mods & a following of users, without being banned by admins (i am very specifically thinking of a 'dellon' user on guru3d posting modified catalyst drivers that 'add support for old cards on new drivers'... given that i have to inspect driver files when i write my profiles list, i was quite familiar with ati/amd's dlls, i very much saw the bs that he did, he used old version dlls placed into new version installers, identical filesizes & loss of game profiles could be proven, yet he kept lying when called out, users kept saying things work, but they of course do not get the new per game fixes since the dlls themselves are old, completely placebo)
 
Top