Companies are failing to patch up their processes in the wake of the Bash vulnerability. Security experts have issued two warnings regarding new malicious attacks associated with Shellshock, as they observe a rapidly growing number of cybercriminals taking advantage of the Bash flaw in UNIX and Linux systems.
The first warning was released by Akamai and concerned a hacker group building a botnet from systems exposed to the Shellshock vulnerability. The second one came from Trend Micro and reported an attack on SMTP servers.
Also, a report by researchers with SERT (Solutionary Security Engineering Research Team) points out that hackers are changing their methods astonishingly quickly so that they can leverage Shellshock. The experts estimated that 67% of the traffic captured with Shellshock signatures was associated with already established bad sources. This could only mean one thing – hackers are adapting fast and are already altering their strategies to include the Shellshock flaw in their attacks.
Things are getting out of control as cyber-crooks are adjusting way faster than security companies can react. The attacks are increasing, and a large part of the early activity is coming from authors of DDoS botnets. Hackers use the Bash flaw as a way to enlarge their botnets.
According to Akamai's report, the majority of the Shellshock-using botnets under observation are controlled by IRC. The same technique is being used in the attack described by Trend Micro. Their research team revealed that the crooks rely on a scam email carrying malicious code in the From, Subject, To, and CC fields; the code exploits vulnerable SMTP servers so that an IRC bot can be installed. When the targeted server receives the crafted message, the embedded payload is executed, the IRC bot is downloaded, and a connection to the controlling IRC server is established.
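A mail gateway can flag such messages before they reach a vulnerable delivery chain. The sketch below is an added example, not code from Akamai, Trend Micro or SERT: it checks the four header fields named above for the Bash function-definition prefix `() {`, which is assumed here as a generic Shellshock indicator rather than the signature used in those reports. The sample messages are constructed and carry placeholders instead of commands.

```python
import re
from email import message_from_string

# Bash function-definition prefix ("()" then "{") that Shellshock-style
# values begin with. Assumed generic indicator, not a vendor signature.
SHELLSHOCK_SIG = re.compile(r"\(\)\s*\{")

# Header fields the article names as carrying the payload.
WATCHED_HEADERS = ("From", "Subject", "To", "CC")


def scan_message(raw):
    """Return [(header, unfolded_value)] for watched headers that match."""
    msg = message_from_string(raw)
    hits = []
    for name in WATCHED_HEADERS:
        # get_all is case-insensitive and returns every occurrence.
        for value in msg.get_all(name, []):
            # Unfold RFC 5322 continuation lines so the reported value
            # is a single line even if the sender folded the header.
            flat = re.sub(r"\r?\n[ \t]+", " ", str(value))
            if SHELLSHOCK_SIG.search(flat):
                hits.append((name, flat))
    return hits


# Constructed sample: signature in From and in a folded Cc header.
SAMPLE_MALICIOUS = (
    "From: () { :; }; [constructed placeholder, command removed]\n"
    "To: postmaster@example.test\n"
    "Cc: ()\n {:;}; [constructed placeholder]\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)

# Constructed sample: parentheses and braces that must not trigger.
SAMPLE_CLEAN = (
    "From: Alice <alice@example.test>\n"
    "To: bob@example.test\n"
    "Subject: Meeting (rescheduled) {draft}\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for label, raw in (("malicious", SAMPLE_MALICIOUS), ("clean", SAMPLE_CLEAN)):
        print(label, scan_message(raw))
```

A match is a reason to quarantine and inspect the message; it does not replace patching Bash on the systems that process the mail.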
Experts with Trend Micro recommend that IT administrators block all IPs and domains related to this attack. The attacks are constantly increasing, and organizations are urged to patch their systems for Shellshock. It is rather disturbing how easily the flaw can be exploited, which means that vulnerable systems can become a part of the botnets almost effortlessly.