Linux administrators everywhere have been working feverishly to patch their systems and protect them from the recently discovered Shellshock bug. Despite their efforts, many attacks have already been detected and more and more systems are being compromised as this security flaw continues to be exploited by attackers.
What Is the Shellshock Bug?
While you might have heard the term Shellshock thrown around and heard about the seriousness of the security hole, you might not truly understand what this bug is and which computers and systems it affects. The Shellshock bug refers to a vulnerability discovered in a tool known as Bash. This tool is widely used by Unix based operating systems and many of its variants including Mac OS X and Linux.
What makes the Shellshock bug so serious is the fact that attackers can exploit the bug to do more than just steal data. An attacker can easily take control of the computer and use it to destroy the servers or send out even more malicious code. Because of the widespread adoption of Linux as the web server of choice for hosting websites and other web based applications, the Shellshock bug is one of the most widespread bugs seen recently.
Initial reports estimated as many as 500 million computers could have been affected by this bug making it one of the most dangerous security holes ever seen, although more recent reports are beginning to lower this estimate.
Widespread Attacks
Even though a fix has already been released and companies and IT techs are working as fast as they can to patch this bug on their servers, this work takes time and the hackers aren't wasting any time using their exploit.
Security firms have already detected networks of compromised servers and computers known as botnets that attackers have already exploited to use for other, more nefarious means. These botnets have already been used to perform attacks on tech giant Akamai. Attackers have attempted to spam the company with vast amounts of junk data in an attempt to knock them offline.
The Akamai attack isn't the only one happening. Several other attacks have been detected ranging from simple searches for other exploited computers to full malware installs designed to take down servers and propagate Shellshock across the web. In addition, some of these attacks are also working to steal the valuable data held on these servers.
Governments Get Involved
The seriousness of this exploit cannot be over stressed, and many governments have decided to get involved in an attempt to protect their citizens from the attacks. In the UK, its cybersecurity response team has issued an alert to its citizens. In addition, the U.S. and Canadian governments have done the same. At the same time, they are urging companies like Amazon and Google to work harder and faster to patch the bug.
While governments and companies work feverishly to fix Shellshock once and for all, the fact remains is no one really knows exactly how widespread the security hole really is and tracking down each and every system affected by the bug is proving difficult. At this point, the number of computers that have been affected is simply not known and it could take weeks or even months to truly discover how widespread and damaging Shellshock truly was.
