
Shellshock

Posted: October 3, 2014

Threat Metric

Ranking: 14,825
Threat Level: 1/10
Infected PCs: 1,490
First Seen: October 3, 2014
Last Seen: September 6, 2023
OS(es) Affected: Windows

Shellshock is a Bash vulnerability that allows third parties to execute potentially threatening code through the command-line prompt. Because Bash is specific to Unix-based systems, Windows machines are not at risk of Shellshock attacks, but the estimates of attacks for Mac OS X and Linux systems have already exceeded ten thousand individual infections. Shellshock is a straightforward exploit that may give third parties an unsafe level of access to your computer. Accordingly, users of vulnerable PCs should install the relevant security patches and use updated anti-malware solutions to remove any software installed via Shellshock.

Shellshock: a Not-So-Shocking Twist from Old Trojans

Shellshock is a vulnerability that has been widely documented only this year, although its undisclosed lifespan is most likely longer than that, to the point where some coding specialists considered Shellshock an 'undocumented feature.' However, because Shellshock is easily exploited with almost no coding knowledge and grants hackers the ability to execute arbitrary code on the target PC, it quickly became known as a security flaw. Apple and other companies within the industry have issued patches that supposedly close the Shellshock vulnerability, although there continue to be heavy disputes about how complete the patches are, particularly for Linux and OS X.

Over seventeen thousand Shellshock attacks, the majority originating from North American or Chinese IP addresses, have been recorded in the past two weeks. However, most of these attacks use previously identified backdoor Trojans and Trojan botnet-based infrastructures, with minor modifications to support exploitation of the Shellshock bug. A slim majority of these attacks are also estimated to use the cURL command-line tool, which simplifies data transfer and lets third parties get by with even less coding expertise.

Denial-of-Service attacks, which flood servers with fake traffic from infected PCs, and standard information-collecting spyware attacks appear to be the dominant threat campaigns focused on spreading via Shellshock. However, other modes of distribution also remain open to abuse.

Powering Through the Shock of Shellshock

Site administrator machines are especially at risk of being affected by Shellshock attacks, and their administrators should, as usual, take the proper precautions to protect both their websites and their machines with updated security patches. Although DDoS Trojans may cause system slowdowns and other semi-noticeable symptoms, not all of the Trojans associated with Shellshock attacks divulge their presence easily. Anti-malware scans by reliable software should continue to be able to identify Trojans modified to support Shellshock or to use Shellshock in their own distribution.

As with any vulnerability linked to possible spyware, it is also crucial to protect sensitive information that could pass into third parties' possession in the aftermath of a successful Shellshock attack. Monitor the use of local networks and accounts, and, if necessary, change any possibly stolen passwords or security questions. However, for the moment, malware experts can emphasize that the most important thing you can do to protect yourself from Shellshock is to install all security updates offered for that purpose.
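
To confirm that an installed update actually took effect, each copy of Bash on the machine can be tested locally. The script below is an added example, not part of the original entry or of any vendor's tooling; the function names and the marker string are made up for it, and it tests only the original behaviour of Bash running a command appended to a function definition passed in an environment variable, not any later parser fixes.

```shell
#!/bin/sh
# Added example: report whether a bash binary still runs a command that is
# appended to a function definition imported from an environment variable.
# MARKER and both function names are made up for this example.
MARKER="SHELLSHOCK_MARKER_$$"

# shellshock_status PATH_TO_BASH -> vulnerable | patched | absent | error
shellshock_status() {
    bash_bin=$1
    # Nothing to test if the path is not an executable file.
    [ -x "$bash_bin" ] || { echo absent; return 0; }

    # The variable's value looks like a function definition followed by an
    # extra command. An unpatched bash runs the extra command at startup,
    # before the requested -c command; a patched bash never runs it.
    out=$(env "probe=() { :;}; echo $MARKER" \
              "$bash_bin" -c 'echo probe-ran' 2>/dev/null) || true

    case $out in
        *"$MARKER"*) echo vulnerable ;;  # trailing command was executed
        *probe-ran*) echo patched ;;     # only the requested command ran
        *)           echo error ;;       # the shell did not run the probe
    esac
}

# Check each distinct bash path on PATH and in common install locations, since
# an update may replace one copy and leave another (e.g. a locally built one).
scan_bash_copies() {
    seen=" "
    for candidate in "$(command -v bash 2>/dev/null)" \
                     /bin/bash /usr/bin/bash /usr/local/bin/bash; do
        [ -n "$candidate" ] && [ -x "$candidate" ] || continue
        case $seen in *" $candidate "*) continue ;; esac
        seen="$seen$candidate "
        printf '%s\t%s\n' "$candidate" "$(shellshock_status "$candidate")"
    done
}

scan_bash_copies
```

Any line reporting `vulnerable` means that copy of Bash has not received the update, even if the system package manager says the patch is installed.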

Technical Details

Additional Information

The following URLs were detected:
https://feed.convertersearchplus.com/?q=