Black Friday is Now! Don’t miss out on up to 60% OFF InvestingProCLAIM SALE

Hackers exploit 'Shellshock' bug with worms in early attacks

Published 26/09/2014, 02:30
© Reuters A lock icon, signifying an encrypted Internet connection, is seen on an Internet Explorer browser in Paris
GOOGL
-
AAPL
-
AMZN
-
RHT
-

By Jim Finkle

BOSTON (Reuters) - Hackers have begun exploiting the newly identified "Shellshock" computer bug, using fast-moving worm viruses to scan for vulnerable systems and then infect them, researchers warned on Thursday.

"Shellshock" is the first major Internet threat to emerge since the discovery in April of "Heartbleed," which affected encryption software used in about two-thirds of all web servers, along with hundreds of technology products.

The latest bug has been compared to "Heartbleed" partly because the software at the heart of the "Shellshock" bug, known as Bash, is also widely used in web servers and other types of computer equipment.

According to security experts, "Shellshock" is unlikely to affect as many systems as "Heartbleed" because not all computers running Bash can be exploited. Still, they said the new bug has the potential to wreak more havoc because it enables hackers to gain complete control of an infected machine, which lets them destroy data, shut down networks or launch attacks on websites.

The "Heartbleed" bug only allowed hackers to steal data.

The industry is rushing to determine which systems can be remotely compromised by hackers, but there are currently no estimates on the number of vulnerable systems.

Amazon.com Inc and Google Inc have released bulletins to advise web services customers how to protect themselves from the new cyber threat. A Google spokesman said the company is releasing software patches to fix the bug.

"We don't actually know how widespread this is. This is probably one of the most difficult-to-measure bugs that has come along in years," said Dan Kaminsky, a well-known expert on Internet threats.

For an attack to be successful, a targeted system must be accessible via the Internet and also running a second vulnerable set of code besides Bash, experts said.

"There is a lot of speculation out there as to what is vulnerable, but we just don't have the answers," said Marc Maiffret, chief technology officer of cybersecurity firm BeyondTrust. "This is going to unfold over the coming weeks and months."

ATTACKS ON DEVICES

Joe Hancock, a cybersecurity expert with insurer AEGIS in London, said in a statement that he is concerned about the potential for attacks on home broadband routers and controllers used to manage critical infrastructure facilities.

"In some areas this will be a challenge to fix, as many embedded devices are not designed with regular updates in mind and will never be able to be patched," Hancock said.

HD Moore, chief research officer with security software maker Rapid7, said it could take weeks or even months to determine what impact the bug will have.

"At this point we don't know what we don't know, but we do expect to see additional exploit vectors surface as vendors and researchers start the assessment process for their products and services," Moore said in an email. "We are likely to see compromises as a result of this issue for years to come."

Linux makers released patches to protect against attacks on Wednesday, though security researchers uncovered flaws in those updates, prompting No. 1 Linux maker Red Hat Inc to advise customers that the patch was "incomplete."

"That's a problem. It's been a little over 24 hours and we're still in the same boat," said Mat Gangwer, lead security consultant at Rook Security. "People are kind of freaking out. Rightfully so."

WORMS

Russian security software maker Kaspersky Lab reported that a computer worm has begun infecting computers by exploiting "Shellshock."

The malicious software can take control of an infected machine, launch denial-of-service attacks to disrupt websites, and also scan for other vulnerable devices, including routers, said Kaspersky researcher David Jacoby.

He said he did not know who was behind the attacks and could not name any victims.

Jaime Blasco, labs director at AlienVault, said he had uncovered the same piece of malware, as well as a second worm seeking to exploit "Shellshock," which was designed for launching denial of service attacks.

© Reuters. A lock icon, signifying an encrypted Internet connection, is seen on an Internet Explorer browser in Paris

"Heartbleed" is a bug in an open-source encryption software called OpenSSL. The bug put the data of millions of people at risk, as OpenSSL is used in about two-thirds of all websites. It also forced dozens of technology companies to issue security patches for hundreds of products that use OpenSSL.

(Additional reporting by Carolyn Cohn and Devika Krishna Kumar in Bangalore; Editing by Dan Grebler)

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.