Shellshock bug attacks millions of systems worldwide

Shellshock is a software bug which affects the GNU Bourne Again Shell, generally referred to as Bash. Unfortunately, Bash is installed onto hundreds of millions of computers, servers, routers and mobile devices, and this means that anyone may be impacted by it. The most vulnerable of all are the users of MAC, Linux and Windows systems. The shell itself is a command-line shell and users/programmers employ it to control different programs and their features. Unfortunately, the bug provides the same privileges to anyone who is ready to utilize the vulnerability, and this may be used to activate devious malware.

The horrific Shellshock bug could be employed to take over the control of any system running Bash, particularly the Linux and Unix operating systems. What is most surprising is that this bug survived unnoticed for over 20 years now. Unfortunately, the vulnerability has been discovered only now, and cyber criminals are already exploiting it. So far, two active worms have been discovered to exploit the Shellshock vulnerability. These infections can install malware that is capable of turning the affected systems into bots, or software that uses Internet connection to run different tasks. The bots may connect to remote servers and allow remote attackers to send commands that could be used to initiate DDoS (distributed denial-of-service) attacks. Basically, if a patch for the Shellshock bug vulnerability is not applied, running infections could download malware, use the operating system for malware distribution, modify the settings (e.g., DNS settings) and, most importantly, access sensitive data.

Some computer users will still remember the scare of the Heartbleed vulnerability back in April (2014). The exploit was considered to be one of the biggest glitches in the history; however, it does not compare to Shellshock; at least not in the numbers of affected systems. The major threat was used to access sensitive information using vulnerable web servers, and this is only one of the features of the clandestine Shellshock bug. The bug can affect the Apache HTTP server because it runs Bash in the background as well. Unfortunately, this creates an array of different malware distribution possibilities.

The good news is that companies responsible for software and web servers learn about vulnerability exploits before the users do, which means that patches are issued right away. Even though many consider the applied patches to be flawed, using these patches is still better than doing nothing at all. Make sure you update your operating systems and devices, and monitor them closely. If you are responsible for hosting websites – apply patches right away; otherwise, schemers could apply vulnerabilities before you know it.