HACKERS ARE STILL mounting cyber attacks across the globe by exploiting the Bash bug vulnerabilities, researchers at Fireeye and Trend Micro have warned, and the situation has been made worse by an unsuccessful patch update.
The vulnerability in Unix-based systems codenamed Shellshock was uncovered last week, with some experts claiming that it could be more serious than the Heartbleed SSL bug uncovered in April.
The Bash bug, as implied by its name, is a vulnerability that allows unscrupulous users to take control of Bourne Again Shell (bash), the software used to control the Unix command prompt on some Unix-like systems. This means that systems running Mac OS X and Linux are all potentially susceptible.
Fireeye threat researchers Michael Lin, James Bennett and David Bianco reported a variety of Shellshock attacks in a blog post, claiming that the flaw is being exploited by criminals for a variety of purposes.
The post said, "We have observed a significant amount of overtly malicious traffic leveraging Bash, including malware droppers, reverse shells and backdoors, data exfiltration and distributed denial of service (DDoS)" attacks.
"So far, attackers have deployed scanners looking for vulnerable machines that have been bombarding networks with traffic since midday Wednesday. Through threat intelligence collected from Fireeye's Dynamic Threat Intelligence (DTI) centre, we are seeing frenzied activity all over the world."
The Shellshock vulnerability is said to be one of the most dangerous vulnerabilities ever discovered. Telecoms technology firm Cisco confirmed in a public threat advisory that 31 individual products are vulnerable to Shellshock and that it is actively investigating a further 23 products.
For example, Fireeye highlighted an advanced campaign emanating from Russia as being particularly worrying, as it proved that the initial Shellshock patch is ineffective.
"Some of this suspicious activity appears to be originating from Russia. We suspect bad actors may be conducting an initial dry run, in preparation for a real, potentially larger-scale attack.
"We believe it's only a matter of time before attackers exploit the vulnerability to redirect users to malicious hosts, which can result in further compromise," the post continued.
Fireeye said that the initial patch for this vulnerability (CVE-2014-6271), which was released at the same time as the vulnerability's public disclosure, was quickly found to be ineffective. "It's worth noting that the incomplete patch did not introduce new vectors, but was inadequate to close the vulnerability created by the original bug."
Trend Micro also found a campaign taking advantage of Shellshock to mount attacks on an unnamed Chinese financial institution. Trend Micro said that the attack seems to have a similar exploratory goal to those seen by Fireeye.
"Trend Micro Deep Discovery was able to detect this attempt and found that attackers were trying to see if several IPs owned by the institution were vulnerable to a Shellshock vulnerability, specifically CVE-2014-6271," the report said.
"At first glance, retrieving system information might seem harmless. But as we mentioned before, the information-gathering could possibly be a sign of preparation for more damaging routines. This one command could be a gateway for bigger, more damaging attacks."
On Friday, it became apparent that hackers were taking advantage of the bug while the flaws were left unpatched.
While Google and Amazon both issued statements announcing the steps they've taken to contain the vulnerability, Apple, whose Mac OS X operating system is one of the potential targets of the exploit, characteristically played down the risk to consumers.