    TrendLabs Security Intelligence Blog

    Archive for the ‘Exploits’ Category




    Since the discovery of the initial Shellshock vulnerability, more issues have been found in Bash. This was not unexpected. After the initial disclosure of Heartbleed, other vulnerabilities were found in OpenSSL. This pattern is repeating itself with Shellshock and Bash. Summary of Shellshock: Currently, six CVEs have been assigned that are related to Shellshock. The remotely exploitable attacks are related to a known feature of the Bash shell: it is possible to assign values and functions to environment variables. These bugs ...

    Posted in Exploits, Vulnerabilities


    Sep 28, 6:27 am (UTC-7)

    It seems like the floodgates have truly opened for Shellshock-related attacks. We have reported on different attacks leveraging the Bash bug vulnerability, ranging from botnet attacks to IRC bots. We have also mentioned that we spotted Shellshock exploit attempts in Brazil. It appears that these attempts were not limited to that country alone. We saw yet another Shellshock exploit attack—this time targeting a financial institution in China. Trend Micro Deep Discovery was able to detect this attempt and found that attackers were ...

    Posted in Exploits, Vulnerabilities



    We have another update regarding the Shellshock vulnerability. In a previous blog entry, we mentioned a DDoS attack against institutions that depicted the gravity of the vulnerability's real-world impact. Based on our analysis, the backdoor that was used in this DDoS attack is somewhat related to the previous Shellshock exploits we have seen. It appears that the various payloads (PERL_SHELLBOT.WZ, ELF_BASHLITE.A, ELF_BASHLET.A) in the exploit code of the Shellshock vulnerability connect to several, yet common, C&C servers. Analyzing these servers, we managed ...



    Sep 26, 2:01 pm (UTC-7)

    One of the implications of the Bash Bug vulnerability, also referred to as Shellshock, is that cybercriminals and attackers can use it to launch DDoS attacks against enterprises and large organizations. True enough, there are already reports of botnet attacks against certain institutions that employed the vulnerability. A botnet is a network of infected computers/systems. Based on our investigation, the backdoor (which Trend Micro detects as ELF_BASHWOOP.A) launches the following commands: kill, udp, syn, tcpamp, dildos, http, mineloris. In addition, it connects to the C&C server, ...



    Sep 26, 1:21 am (UTC-7)

    In the immediate aftermath of the Bash vulnerability known as Shellshock, we have already seen some attacks using it to deliver DDoS malware onto Linux systems. However, given the severity of this vulnerability, it is almost certain that we will see bigger, more severe attacks. What are some of the scenarios we could potentially see? Servers: Web servers are currently at the highest risk of being exploited. CGI scripting is, at this time, the most reliable and best documented way of exploiting this vulnerability. As our earlier entry ...

    Posted in Exploits, Vulnerabilities


     
