Hints of Meltdown

"Finally!" Shouted a young adult while he tried to get his breathing under control. After breathing normally again, he fished with his right hand the keys from his pockets. "Shit. Where was it again?" muttered he under his breath while searching in his backpack. "Ah, there it is." while unlocking the door in front of him with a smile.

"John! There you are, " Came a familiar voice from the kitchen, "I thought you will come later today?"

"Mum, I was lucky to get on the first train to Cologne. I did get to eat on my way -" While taking his shoes off, his mother interrupted him, "Really? You don't want to eat Spaghetti? Your sister did make it especially for you."

"Oh, " Scratching his head, "well, in that case, I am hungry." As a response, he heard his mother laughing.

"Hey, you cannot survive on fast-food." John tried to justify himself as he took the dish out of the fridge and heated it in the microwave, "Where is Maria?"

"She is in school, she should come in 3 hours." answered his mother as she cleaned the table.

A short repeating beep sounded out from the microwave.

After eating the dish, John leaned back on his chair while contemplating, "Intel really fucked up. Although it wasn't their fault at all. I mean who did expect that it would be possible to exploit the performance feature of their CPU's design to read data out of other processes memory locations which should not be possible to be accessible and if that wasn't bad enough, our security is based on this, memory isolation my ass." A sigh escaped him involuntary.

"What's with that long face, brother." Came from the voice behind him. John turned his head a little bit and saw her. "Hey, shouldn't you be in school?" Voiced he with furrowed eyebrows at her. "Really John? Look at the clock," Answered she with an eye roll. "Wait. It's already sixteen?" With haste, he walked to his room while cursing, "Fuck!"

"How was the Spaghetti anyway? John." Called his sister after him. "Y-yeah it was the best!" Came her answer as he rushed upstairs.

"Can he at least clean the dishes, but no, what could be more important than his little sister." She complained with a pout while she was cleaning up the dishes.

"He didn't thank me at all!" Shouted she in her room, "this jerk!" Clearly annoyed she laid on her bed and used her smartphone to surf. "Hehe," while quoting, "Hijacked Mozilla Firefox Addon stole email and steam accounts from their victims." A small movement with her finger, she clicked on the first video and fast forwarded it to a point.

"Dr. Boering can you tell me what you think the criminal did?" Asked the anchorwoman in her nice blue summer dress Hmph that dress should be mine. The thought of not having such a dress irked Maria.

"Well, Hannah, we, Dr. Hannes and I are not really certain if we are dealing with a hacker group or just a hacker, but what we did found are traces of parts from other malicious code that were already in the wild so to speak, one of such was the worm which used the Steam API to spread and a bug in the Steam beta to infect other computers. Personally, I think that we are dealing with a group, so I will refer the attacker as a group. What they did use or should I say exploit for their criminal activity is the Steam API, so that they can spread far in Steam after the initial infection with the Firefox Extension."

"How comes the virus could avoid the anti-virus solutions?" Questioned the anchorwoman again as Dr. Boering drank a little from his glass on the table.

"It's a worm. Well, they exploited a new evasion technique called Process Doppelgänging and interestingly enough it used the same approach in a different way like the evasion technique called Process Hollowing. It abused the Windows NTFS Transactions and an outdated implementation of Windows process loader so that our anti-virus solutions are most impotent against it at the moment."

"Which Windows version is affected?" Dr. Boering coughed.

"All. All versions of Microsoft Windows are affected." Hannah's jaw dropped to the ground.

"I think Microsoft will patch it shortly. So what this means is that they own your machine at this moment. What I find strange is that they used something to access the account data without a keylogger. At the moment we are cooperating with other researchers to get the full picture of this exploit."

"Oh, so - " A tap and the video was closed. "Really! Lol! I really want to see their expressions when they finally get the full picture!" Laughing and rolling in her bed many times, while she tried to imagine it.

For further understanding

Wikipedia article about Meltdown

Meltdown

Meltdown PoC Sourcecode

Hackernews article about Meltdown

Hackernews - Modern processors

Hackernews - Chrome extension hijacked

Kaspersky article about Steam Stealers

Hackernews article about Process Doppelgänging