As of Feb. 1, antivirus testing firm AV-TEST had found 139 malware samples that exploit Meltdown and Spectre. Most are not very functional, but that could change. It was inevitable. Once Google published its findings for the Meltdown and Spectre vulnerabilities in CPUs, the bad guys used that as a roadmap to create their malware. And so far, researchers have found more than 130 malware samples designed to exploit Spectre and Meltdown. If there is any good news, it’s that the majority of the samples appear to be in the testing phase, according to antivirus testing firm AV-TEST, or are based on proof-of-concept software created by security researchers. Still, the number is rising fast. On January 17, AV-TEST reported that it had seen 77 malware samples. Six days later, that number had increased to 119, and by February 1, it was up to 139 samples. The Meltdown and Spectre attack methods exploit a design flaw in branch prediction, where a CPU makes an educated guess on what it will compute or process next, and they allow malicious applications to bypass memory isolation to access the contents of memory. While the contents cannot be altered or destroyed, they can be read, which is bad enough. JavaScript-based proof-of-concept exploit for Spectre Shortly after the disclosure of the Spectre and Meltdown vulnerabilities last month, a JavaScript-based proof-of-concept exploit for Spectre appeared on the Internet. Security firm Fortinet examined all of the publicly available samples at the end of January and found 83 percent of the samples were all based on proof-of-concept code. This means the malware writers are still experimenting and trying to find a good, working exploit. And since they are using JavaScript, it will likely come in the form of a web attack — which, in a way, is good news. Servers don’t browse the web, clients do. And Microsoft and Apple have already issued fixes for Windows and macOS. So if the bulk of exploits are JavaScript, hopefully they will stick to the client side where they can be locked down. The trick then becomes keeping it off the servers. And that assumes hackers will stick to JavaScript. Intel has issued fixes for the exploit but had to pull them because they caused more harm than good, drawing the ire of Linux creator Linus Torvalds. Intel has just issued new BIOS fixes. Microsoft has issued its own Windows fix, and it had its share of problems as well. If that weren’t bad enough, Malwarebytes discovered a fraudulent site targeting German users with a fake patch supposedly to fix Meltdown and Spectre but actually installs the Smoke Loader malware, which downloads other malicious payloads. Related content news analysis AMD launches Instinct AI accelerator to compete with Nvidia AMD enters the AI acceleration game with broad industry support. First shipping product is the Dell PowerEdge XE9680 with AMD Instinct MI300X. By Andy Patrizio Dec 07, 2023 6 mins CPUs and Processors Generative AI Data Center news analysis Western Digital keeps HDDs relevant with major capacity boost Western Digital and rival Seagate are finding new ways to pack data onto disk platters, keeping them relevant in the age of solid-state drives (SSD). By Andy Patrizio Dec 06, 2023 4 mins Enterprise Storage Data Center news Omdia: AI boosts server spending but unit sales still plunge A rush to build AI capacity using expensive coprocessors is jacking up the prices of servers, says research firm Omdia. By Andy Patrizio Dec 04, 2023 4 mins CPUs and Processors Generative AI Data Center news AWS and Nvidia partner on Project Ceiba, a GPU-powered AI supercomputer The companies are extending their AI partnership, and one key initiative is a supercomputer that will be integrated with AWS services and used by Nvidia’s own R&D teams. By Andy Patrizio Nov 30, 2023 3 mins CPUs and Processors Generative AI Supercomputers Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe