Italian security consultancy Tiger Security’s Emanuele Gentili said the “wopbot” botnet is active and scanning the internet for vulnerable systems, including at the United States Department of Defence.
The botnet, named “wopbot”, runs on Linux servers and uses the Bash Shellshock bug to auto-infect others, he said.
It has so far been used to launch a distributed denial of service attack against servers hosted by content delivery network Akamai, and is aiming for other targets, Gentili said.
The malware has conducted a massive scan of the United States Department of Defence internet protocol address range on TCP port 23 (Telnet) “for brute force attack purposes,” he said.
Gentili said Tiger Security had contacted UK provider M247 and managed to get the wopbot botnet command and control system taken down from that network.
The botmaster server for wopbot, which is hosted by US network Datawagon, is still distributing malware.
Gentili thinks the wopbot botnet will grow like Topsy, as it can infect more than 200,000 zombies in an hour or so.
The ‘Shellshock’ remotely exploitable vulnerability in the Bash Linux command-line shell was discovered yesterday, with researchers warning of its potential to become larger than the severe Heartbleed OpenSSL flaw uncovered earlier this year.
Millions of Apache webservers around the world could be at risk if their common gateway interface (CGI) scripts invoke Bash. The malware can also recruit Apple gear into the botnet without too many problems.