Shellshock is a Threat to Any OS that has BASH
This is a big malware threat to all UNIX, Linux and Mac computers!
Shellshock bug: First malware to exploit security flaw spotted in the wild
Mirror – By: Mikey Smith – “The first malware apparently designed to exploit the devastating Shellshock vulnerability has been discovered online, and experts think it’s the tip of the iceberg.
Shellshock is a 25-year-old, but newly discovered flaw in software run on many Linux and Apple Mac computers.
The US government has rated the security flaw 10/10 for severity, and given it a complexity rating of ‘low’ – meaning it’s very easy to exploit.
The bug affects Bash, a program that runs on Apple Mac and Linux computers – and can run in the background without a user’s knowledge. The vulnerability lets hackers piggyback malicious code on otherwise benign commands.
The new exploit, known as a ‘bot’, infiltrates a vulnerable machine via the Shellshock bug, before setting up a series of malicious code.
One part of the code seems to enable a remote user to perform a distributed denial of service (DDoS) attack – where a network of hijacked computers can flood a server with information in an attempt to make it shut down.
Another part looks for other routers on the network, and tries commonly used administrator logins to try and hijack them too.
A third section connects to a remote server in what appears to be a ‘Command and Control’ function, allowing the remotely control the hijacked machine at a later date.
Updates have been issued for Linux versions of Bash, but Apple has yet to announce a downloadable patch. Some fear the issue may go beyond servers and desktop computers, and allow internet c