Tag: bash

Attackers quick to Bash Linux

linuxAttackers have been quick to exploit the Shellshock Bash command interpreter bug and a botnet that is currently trying to infect other servers.

Italian security consultancy Tiger Security’s Emanuele Gentili said the “wopbot” botnet is active and scanning the internet for vulnerable systems, including at the United States Department of Defence.

The botnet runs on Linux servers, named “wopbot” that uses the Bash Shellshock bug to auto-infect others, he said.

It has so far been used to launch a distributed denial of service attack against servers hosted by content delivery network Akamai, and is aiming for other targets, Gentili said.

The malware has conducted a massive scan on the United States Department of Defence internet protocol address range on port 23 TCP or Telnet “for brute force attack purposes,” he said.

Gentili said Tiger Security had contacted UK provider M247 and managed to get the wopbot botnet command and control system taken down from that network.

The botmaster server for wopbot, which is hosted by US network Datawagon, is still distributing malware.

He thinks that the wopbot botnet will grow like topsy as it can infect more than 200,000 zombies in an hour or so.

The ‘Shellshock’ remotely exploitable vulnerability in the Bash Linux command-line shell was discovered yesterday, with researchers warning of its potential to become larger than the severe Heartbleed OpenSSL flaw uncovered earlier this year.

Millions of Apache webservers around the world could be at risk if their common gateway interface (CGI) scripts invoke Bash. The malware can also recruit Apple gear into the botnet without too many problems.

 

Linux security Bashed

linuxA remotely exploitable vulnerability in Linux has been found and it could be really nasty for those who depend on the operating system.

Stephane Chazelas, who found the vulnerability, has named it CVE-2014-6271, but has been dubbed Shellshock by those who like their viruses to be a little more like a Marvell super-villain.

The flaw is in Bash, which supports exporting shell variables as well as shell functions to other bash instances. It has been a feature of Linux for a long time.

Web applications like cgi-scripts may be vulnerable especially if calling other applications through a shell, or evaluating sections of code through a shell.

The problem is fixed by upgrading to a new version of bash, replacing bash with an alternate shell, limiting access to vulnerable services, or filtering inputs to vulnerable services.

However it could be a while before word gets out that bash is vulnerable and a lot of Linux systems are vulnerable.

Security experts say that this vulnerability is very bad and it will be a race to get systems upgraded before someone has a working exploit.

Tod Beardsley, engineering manager from Rapid7, said it was difficult to write a “bash bug” exploit, but not impossible.

“It’s quite common for embedded devices with web-enabled front-ends to shuttle user input back and forth via bash shells, for example — routers, SCADA/ICS devices, medical equipment, and all sorts of webified gadgets are likely to be exposed,” he said.