Wednesday, January 17th 2018

Adding Insult to Injury: Fake Spectre, Meltdown Patch Pushes Malware to Users

A Malwarebytes report calls attention to the latest instance of a pattern that inevitably follows media coverage of a security vulnerability. As users' attention to the vulnerability rises, so does their search for a fix, for a way to reduce their exposure. Hence users go looking for patches; and hence fake patches surface to take advantage of the more distracted, or less informed, of those who really just want to be left in peace.

Case in point: Malwarebytes has identified a recently registered domain that specifically targets German users (remember: you could be next; all it takes is a Google-translated copy of the page for it to target you as well). The website offers an information page with various links to external resources about Meltdown and Spectre and how they affect processors, and presents itself as affiliated with the German Federal Office for Information Security (BSI) - all good, right?
Except it really isn't: the affiliation is only apparent, and this is an HTTPS-enabled phishing site (the padlock only says the connection is encrypted, not that the operator is who they claim) that offers users a ZIP archive ("Intel-AMD-SecurityPatch-11-01bsi.zip") containing a so-called patch ("Intel-AMD-SecurityPatch-10-1-v1.exe") that is actually malware. Running it infects the machine with Smoke Loader, a downloader that can retrieve additional payloads. Post-infection traffic shows the malicious file attempting to connect to various domains and sending encrypted information. So you think you're making yourself less vulnerable, when in reality... Ah, the beauty of adding insult to injury.
Source: Malwarebytes blog
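As an added example (not code from the article or from Malwarebytes), here is an offline triage of such a "patch" archive in Python: it lists the ZIP members without running anything, recognises PE executables by their header bytes rather than by their file name, and checks whether each one even carries an Authenticode certificate table. The archive and the PE images it inspects are constructed inside the script; the "Patch-Notes.pdf" member is a hypothetical disguised executable added to show the extension check.

```python
"""
Offline triage of a downloaded "security patch" archive.

Added example, not code from the article or from Malwarebytes. It opens a
ZIP without executing anything, identifies PE executables by their header
bytes rather than by file extension, and reports whether each PE even has
an Authenticode certificate table (IMAGE_DIRECTORY_ENTRY_SECURITY). The
sample archive is constructed here; member names are illustrative.
"""
import hashlib
import io
import struct
import zipfile

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
EXEC_EXTS = (".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl")


def pe_security_directory(data: bytes):
    """Return (file_offset, size) of the PE's certificate table, or None if
    the blob is not a parsable PE image. A size of 0 means no embedded signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (size_of_opt,) = struct.unpack_from("<H", data, e_lfanew + 20)
    opt = e_lfanew + 24                       # optional header follows the 20-byte COFF header
    if opt + 2 > len(data):
        return None
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:                        # PE32
        n_dirs_off, dd_base = opt + 92, opt + 96
    elif magic == 0x20B:                      # PE32+
        n_dirs_off, dd_base = opt + 108, opt + 112
    else:
        return None
    if n_dirs_off + 4 > len(data):
        return None
    (n_dirs,) = struct.unpack_from("<I", data, n_dirs_off)
    entry = dd_base + IMAGE_DIRECTORY_ENTRY_SECURITY * 8
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or entry + 8 > min(opt + size_of_opt, len(data)):
        return (0, 0)                         # header too short to hold the entry: unsigned
    return struct.unpack_from("<II", data, entry)


def triage_archive(zip_bytes: bytes) -> list:
    """Describe each member: hash, whether it is really a PE, whether that PE
    carries a signature block, and whether the extension hides a PE."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            blob = zf.read(info)
            sec = pe_security_directory(blob)
            findings.append({
                "name": info.filename,
                "sha256": hashlib.sha256(blob).hexdigest(),
                "is_pe": sec is not None,
                "signed_block": sec is not None and sec[1] > 0,
                "ext_mismatch": sec is not None and not info.filename.lower().endswith(EXEC_EXTS),
            })
    return findings


def red_flags(findings: list) -> list:
    """Turn findings into the warnings a triage note would carry."""
    flags = []
    for f in findings:
        if f["is_pe"] and not f["signed_block"]:
            flags.append(f"{f['name']}: executable without any Authenticode signature block")
        if f["ext_mismatch"]:
            flags.append(f"{f['name']}: PE image hiding behind a non-executable extension")
    return flags


def build_sample_pe(signed: bool) -> bytes:
    """Constructed, header-only PE32 image (no code, not runnable) for the demo."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                          # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)  # i386, 224-byte optional header
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                            # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                              # NumberOfRvaAndSizes
    if signed:
        # Point the security directory at a (pretend) WIN_CERTIFICATE blob.
        struct.pack_into("<II", opt, 96 + IMAGE_DIRECTORY_ENTRY_SECURITY * 8, 0x200, 0x100)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def build_sample_archive() -> bytes:
    """Constructed ZIP standing in for the fake 'patch' download."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Intel-AMD-SecurityPatch-10-1-v1.exe", build_sample_pe(signed=False))
        zf.writestr("README.txt", "Run the patch to protect your CPU.\n")
        zf.writestr("Patch-Notes.pdf", build_sample_pe(signed=True))  # hypothetical disguised PE
    return buf.getvalue()


if __name__ == "__main__":
    results = triage_archive(build_sample_archive())
    for f in results:
        print(f"{f['name']:40} pe={f['is_pe']!s:5} signed_block={f['signed_block']!s:5} sha256={f['sha256'][:16]}...")
    for flag in red_flags(results):
        print("FLAG:", flag)
```

A certificate table only tells you a signature blob is present; validating it (chain to a trusted root, hash matching the file) needs signtool verify /pa or PowerShell's Get-AuthenticodeSignature on Windows. The absence of any signature block on a file claiming to be an Intel, AMD or Microsoft patch is the quicker tell: the real Meltdown and Spectre fixes arrived as signed OS updates and vendor firmware, not as a loose EXE in a ZIP from a freshly registered domain.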

9 Comments on Adding Insult to Injury: Fake Spectre, Meltdown Patch Pushes Malware to Users

#1 RejZoR
Why would you download it from anywhere other than the Microsoft webpage or the hardware manufacturer's official page?
#2 eidairaman1 (The Exiled Airman)
Because there are very uninformed people out there, or blind ones.
#3 rtwjunkie (PC Gaming Enthusiast)
RejZoR wrote:
    Why would you download it from anywhere other than the Microsoft webpage or the hardware manufacturer's official page?
Because the majority of the people who use computers can just about handle turning it on and opening a browser.
#4 flmatter
eidairaman1 wrote:
    uninformed people out there, or blind ones
That's putting it nicely... If I were allowed to retell some work stories about call-ins :kookoo:
#5 RejZoR
rtwjunkie wrote:
    Because the majority of the people who use computers can just about handle turning it on and opening a browser.
That's not true. They become absolute experts when it comes to disabling security measures and making sure they somehow manage to infect the system.
#6 GenericAMDFan
Time to update the definitions of your common sense :laugh:
#7 ssdpro
RejZoR wrote:
    Why would you download it from anywhere other than the Microsoft webpage or the hardware manufacturer's official page?
Case study: win-raid.com. People download whatever garbage is there with no care for the source. Motherboard manufacturer forums are full of users struggling with simple things; look back through their posts and you see downloads from garbage "get 'em here first beta" sites like that.
#8 eidairaman1 (The Exiled Airman)
flmatter wrote:
    That's putting it nicely... If I were allowed to retell some work stories about call-ins :kookoo:
You and I know where we came from, brother, lol
#9 kn00tcn
RejZoR wrote:
    Why would you download it from anywhere other than the Microsoft webpage or the hardware manufacturer's official page?
eidairaman1 wrote:
    Because there are very uninformed people out there, or blind ones.
rtwjunkie wrote:
    Because the majority of the people who use computers can just about handle turning it on and opening a browser.
Because it's using the government's name and HTTPS, exactly what people look for; the only thing wrong is the .bid domain.

ssdpro wrote:
    Case study: win-raid.com. People download whatever garbage is there with no care for the source. Motherboard manufacturer forums are full of users struggling with simple things; look back through their posts and you see downloads from garbage "get 'em here first beta" sites like that.
Coincidentally, I ran into https://www.win-raid.com/t2739f44-OFFER-Gigabyte-GA-AX-Aorus-Gaming-BIOS-mod.html last night. It's the same guy that did the Asus P5Q mods a decade ago (which were great, though I didn't need them on my mid-high P5Q-E). He is not posting on Gigabyte's forum out of frustration and being insulted (Gigabyte called him part of their "community").

What site or forum do you suggest for user mods? Some game mods get posted on Reddit or Discord, some software mods on NGOHQ or Anand; there's little consistency.

Even on a major site with skilled users who have posted good mods, someone might appear with fake mods and a following of users, without being banned by admins. (I am very specifically thinking of a "dellon" user on Guru3D posting modified Catalyst drivers that "add support for old cards on new drivers". Given that I have to inspect driver files when I write my profiles list, I was quite familiar with ATI/AMD's DLLs, and I very much saw the BS that he did: he used old-version DLLs placed into new-version installers. Identical file sizes and loss of game profiles could be proven, yet he kept lying when called out. Users kept saying things work, but they of course do not get the new per-game fixes since the DLLs themselves are old. Completely placebo.)