Researchers hide malware in benign apps with the help of speculative execution

Discussion in 'malware problems & news' started by mood, Feb 26, 2019.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    13,103
    Researchers hide malware in benign apps with the help of speculative execution
    February 26, 2019
    https://www.zdnet.com/article/resea...-apps-with-the-help-of-speculative-execution/
    Whitepaper: "ExSpectre: Hiding Malware in Speculative Execution" (PDF - 698 KB): https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_02B-5_Wampler_paper.pdf
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,436
    Location:
    U.S.A.
    Interesting stuff indeed. The question is just how viable is an attack using it? POC in a lab environment is a lot different than implemented a working attack scenario against a wide range of processors. One misstep and its blue screen time.
     
  3. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    467
    Location:
    Europe
    Well, any attack will have to start from somewhere. And you're not going to get this file out of nowhere, you'll need to first download it (and run it). And you bet stuff like google chrome or steam isn't getting its update channel hijacked anytime soon, soooooo the attack vector just isn't there, that's always the problem. You can have a vulnerability that launches nuclear rockets, doesn't ****** matter. Security is so easy, just don't run random stuff and you're good. Or if you do, expect the worst, I use sandboxie for that purpose. Won't stop the nuclear rockets, but it's good enough. In fact sandboxie is my only security software right now, life is so much simpler without the nvt erp prompts and rules or the various excubits drivers that I used before. And I don't have to worry about anything. There's the legit stuff like steam or spotify, and there's the not-so-legit stuff in sandboxie. Life is simple. Literally 0 slowdown on the pc, not even the slightest. Security software is a thing of the past.
     
    Last edited: Feb 26, 2019
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.