Hackers Exploit Shellshock, Much More Trouble Awaits

Security experts are keeping an eye on the Shellshock vulnerability, also known as the Bash (Bourne-Again Shell) bug, as a focus for malicious scanning and at least one botnet. They warn, though, that hackers haven't even begun to test the limits of the vulnerability.

The Shellshock vulnerability, also called the Bash (Bourne-Again Shell) bug, could be an even greater threat than the Heartbleed bug. Disclosed in April, Heartbleed threw a scare into Internet users by exploiting OpenSSL cryptography vulnerabilities to allow theft of servers' private keys and users' session cookies and passwords via fake Web sites.

The Internet security firm FireEye reported that it has seen plenty of malicious traffic using the Bash bug, some of it possibly from Russia. The activity has included DDoS attacks, malware droppers, reverse shell hacks, backdoors and data exfiltration.

Elsewhere, security researchers at Incapsula logged more than 17,400 attacks at an average rate of 725 an hour. The company said that more than 1,800 domains in its network were attacked from about 400 unique IP addresses, more than half originating in China and the United States.

Attackers are using scanners that bombard networks and seek out vulnerable machines. To this point, most of the attention from hackers has gone to the Common Gateway Interface vector, an interface between a Web server and executables that produce dynamic content.

A Threat to UNIX Machines

The extent of Shellshock could go far beyond Web servers, however. The bug could become a serious threat to computers using Unix-based operating systems, including Linux and Apple's Mac OS X. From there it has the potential to spread to all Internet-connected devices. Bash is the software used to control the command prompt on many Unix computers, and Shellshock can exploit it to take complete control of a system.

Shellshock could also allow hackers to...
