Researchers discover Malware Samples Designed to Exploit CPU Vulnerabilities

As of late scientists have found more than 130 malware samples intended to misuse the recently disclosed Spectre and Meltdown CPU vulnerabilities that enable pernicious applications to sidestep memory isolation mechanisms in order to gain access to passwords, photographs, archives, mails, and other sensitive data.

Experts have cautioned that there could soon be remote attacks, not long after Spectre and Meltdown were unveiled on January 3, and to top that a JavaScript-based Proof of-Concept (PoC) misuse for Spectre had likewise been made accessible.

On Wednesday, January 17 an antivirus testing firm AV-TEST, announced that it has obtained 139 samples from different sources, including researchers, analysers and antivirus companies and had likewise observed 77 malware tests apparently identified with the CPU vulnerabilities making the number fairly rising to 119 by January 23. However, the experts do believe that the prevailing malware samples are still in the "research phase" and assailants are in all likelihood searching for approaches to extract more information from computers especially via the means of web browsers



“Most appear to be recompiled/extended versions of the PoCs - interestingly, for various platforms like Windows, Linux and MacOS,” says Andreas Marx, CEO of AV-TEST , further adds “We also found the first JavaScript PoC codes for web browsers like IE, Chrome or Firefox in our database now.”

Fortinet, which is likewise known for dissecting a significant number of the samples, affirmed that a larger part of them depended on accessible PoC code.

Processor and operating system vendors have been dealing with microcode and software alleviations for the Meltdown and Spectre attacks, yet the patches have regularly caused issues, prompting organizations ending refreshes and disabling alleviations until the point that such issues are settled.


Marx, in addition to the installing of the operating systems and BIOS updates, further proposed a couple of more suggestions that have a solid shot of reducing the attacks, two of them being: turning off the PC when it's not required for over an hour, and closing the web browsers amid work breaks. He is certain that by adjusting to these strategies the attack surface would diminish a considerable measure and furthermore save quite some energy.

Hook Analyser 2.2 Released , malware analyzer tool


Hook Analyser is a freeware project, started in 2011, to analyse an application during the run-time. The project can be potentially useful in analysing malwares (static and run time), and for performing application crash analysis.

Features:
1. Spawn and Hook to Application
This feature allows analyst to spawn an application, and hook into it

2. Hook to a specific running process
The option allows analyst to hook to a running (active) process.

3. Perform quick static malware analysis
This module is one of the most interesting and useful module of Hook Analyser, which performs scanning on PE or Widows executables to identify potential malware traces.

4. Application crash analysis
This module enables exploit researcher and/or application developer to analyse memory content when an application crashes.

Change log -

  • The UI and modules of the project have been re-written. The interactive mode is more verbose.
  • The (static) malware analysis module has been enhanced.
  • Bug fixes and other improvements.
Download it from here:
beenuarora.com/HookAnalyser2.2.zip


Hook Analyser 2.0 released -reversing application and analysing malwares

Hook analyser is a hook tool which could be potentially helpful in reversing application and analysing malwares.

Changelog:

  • Static analysis functionality has got improved significantly.
  • Nice fingerprinting feature (part of the static analysis module).
  • Analysis and logging modules have improved.
  • No more annoying browser pop-ups (previous releases had some).
Download it from here:
http://beenuarora.com/HookAnalyser2.0.zip

Malware Analyzer v3.3 Released ~Security Tools

 
Malware Analyser is a freeware tool to perform static and dynamic analysis of the malwares.

Features:
  • String based analysis for registry, API calls, IRC Commands, DLL’s called and VMAware.
  • Display detailed headers of PE with all its section details, import and export symbols etc.
  • On distros, can perform an ASCII dump of the PE along with other options (check –help argument).
  • For windows, it can generate various section of a PE : DOS Header, DOS Stub, PE File Header, Image Optional Header, Section Table, Data Directories, Sections
    ASCII dump on windows machine.
  • Code Analysis (disassembling)
  • Online malware checking (www.virustotal.com)
  • Check for Packer from the Database.
  • Tracer functionality: Can be used to identify
  • Anti-debugging Calls tricks, File system manipulations Calls Rootkit Hooks, Keyboard Hooks, DEP Setting Change, Network Identification traces.
  • Signature Creation: Allows to create signature of malware.
  • Batch Mode Scan to Scan all DLL and Exe in directories and sub-directories

Malware Analyzer v3.3 rleased.

Changelogs:

--Added Traces signatures
--Improved parsing
--Bug fixes


Hook Analyser Malware Tool Released

Hook analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer. The tool can hook to an API in a process and can do following tasks.


  • 1. Hook to API in a process
  • 2. Hook to API and search for pattern in memory of a process
  • 3. Hook to API and dump buffer (memory).