Shellshock bug: The internet’s brand new villain

Discovered last week, Shellshock, also known as the Bash Bug, continues to raise concern.

Experts believe it could be an even greater threat than the Heartbleed Bug. Where Heartbleed could only affect a specific version of OpenSSL, Shellshock can spread to a multitude of devices.

The virus is a vulnerability that can exploit command access to Linux-based systems and adversely impact a majority of the web servers around the world, as well as Internet-connected devices on the Mac OSX platform.

Recent research has found that Shellshock has been part of Bash since its inception. And if an attacker is successful, he or she can take complete control of the target’s system.

Lamar Bailey, director of Tripwire?s vulnerability and exposure research team, warns: ?this is one of the rare vulnerabilities with the potential to be a wide-scale worm, because it is extremely easy to exploit and there are millions of vulnerable targets.?

Indeed, once on a Linux-based system, it has the potential to spread across all internet-connected devices. Hackers could even gain access to someone’s house through unsurprising products such as smart bulbs!

Researchers even believe that one of the reasons why it can spread to such a multitude of devices is because a lot of software uses Bash in some way.

Internet security firm FireEye has reported plenty of malicious traffic using the bug, some reportedly from Russia. Researchers from Incapsula have seen more than 17,400 attacks, 725 per hour.

Over 1,800 domains have been attacked from 400 unique IP addresses. Half of those have apparently originated from China or the US.

You know the drill. As with Heartbleed, keep all anti-virus software up-to-date – you do have one, right? – and be especially mindful of clicking on links from unrecognised sources.

Image source

Share this story

0 0 vote
Article Rating
Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x
Send this to a friend