Our coverage on the Bash bug vulnerability (more popularly known as “Shellshock”) continues as we spot new developments on Shellshock-related threats and attacks.
Here is a list of our stories related to this threat:
- Shellshock: A Technical Report – this technical brief describes the vulnerability in detail, as well as outlying which platforms are affected.
- Shellshock-Related Attacks Continue, Targets SMTP Servers – vulnerable SMTP servers are being targeted by Shellshock exploit code to launch an IRC bot
- Bash Bug Saga Continues: Shellshock Exploit via DHCP – we take an in-depth look at Shellshock exploits over the DHCP protocol.
- Shellshock Vulnerability Downloads KAITEN Source Code – we are seeing attacks involving the download of source code as a method of evasion.
- Shellshock Vulnerabilities Proliferate, Affect More Protocols – attacks using Shellshock are now targeting new web services, including mail and FTP servers.
- Shellshock Exploit Attempts Continue in China – servers in China are also being targeted by Shellshock.
- Shellshock Continues to Make Waves with Active IRC Bot – IRC bots are being spread via Shellshock, hitting approximately 400 systems.
- Shellshock Updates: BASHLITE C&Cs Seen, Shellshock Exploit Attempts in Brazil – we analyze the location of C&C servers associated with a DDoS attack using this vulnerability.
- Shellshock Vulnerability Used in Botnet Attacks – certain institutions are now being hit with DDoS attacks tied to botnets that spread via Shellshock.
- Shellshock – How Bad Can It Get? – we analyze possible scenarios how Shellshock can be exploited.
- Bash Vulnerability (Shellshock) Exploit Emerges in the Wild, Leads to BASHLITE Malware – within hours of disclosure, Shellshock exploits were in the wild.
- Bash Vulnerability Leads to Shellshock: What it is, How it Affects You – initial disclosure of the vulnerability in Bash and a discussion of our solutions.