Shellshock Internet superbug has techies scrambling for defences
Companies and public sector organisations around the world are scrambling to protect themselves against the newest cyber threat, called Shellshock, which was discovered on Wednesday. It has been rated as far worse than Heartbleed, which struck five months ago, and reinforces how thin the Internet's defences are against determined hackers. As the Reuters story below points out, it's still too early for anyone to offer definitive advice on how to defend against this malware. – AH
By Jim Finkle
The latest bug has been compared to "Heartbleed" partly because the software at the heart of the "Shellshock" bug, known as Bash, is also widely used in web servers and other types of computer equipment.
According to security experts, "Shellshock" is unlikely to affect as many systems as "Heartbleed" because not all computers running Bash can be exploited. Still, they said the new bug has the potential to wreak more havoc because it enables hackers to gain complete control of an infected machine, which lets them destroy data, shut down networks or launch attacks on websites.
The "Heartbleed" bug only allowed hackers to steal data.
The industry is rushing to determine which systems can be remotely compromised by hackers, but there are currently no estimates on the number of vulnerable systems.
Amazon.com Inc and Google Inc have released bulletins to advise web services customers how to protect themselves from the new cyber threat. A Google spokesman said the company is releasing software patches to fix the bug.
For an attack to be successful, a targeted system must be accessible via the Internet and also running a second vulnerable set of code besides Bash, experts said.
ATTACKS ON DEVICES
"In some areas this will be a challenge to fix, as many embedded devices are not designed with regular updates in mind and will never be able to be patched," Hancock said.
"At this point we don't know what we don't know, but we do expect to see additional exploit vectors surface as vendors and researchers start the assessment process for their products and services," Moore said in an email. "We are likely to see compromises as a result of this issue for years to come."
WORMS
Russian security software maker Kaspersky Lab reported that a computer worm has begun infecting computers by exploiting "Shellshock."
He said he did not know who was behind the attacks and could not name any victims.