Hackers Are Already Using the Shellshock Bug to Launch Botnet Attacks - WIRED
Hackers Are Already Using the Shellshock Bug to Launch Botnet Attacks - WIRED
WIRED, By Andy Greenberg
With a bug as dangerous as the “shellshock” security vulnerability discovered yesterday, it takes less than 24 hours to go from proof-of-concept to pandemic.
As of Thursday, multiple attacks were already taking advantage of that vulnerability, a long-standing but undiscovered bug in the Linux and Mac tool Bash that makes it possible for hackers to trick Web servers into running any commands that follow a carefully crafted series of characters in an HTTP request. The shellshock attacks are being used to infect thousands of machines with malware designed to make them part of a botnet of computers that obey hackers’ commands. And in at least one case the hijacked machines are already launching distributed denial of service attacks that flood victims with junk traffic, according to security researchers.
The attack is simple enough that it allows even unskilled hackers to easily piece together existing code to take control of target machines, says Chris Wysopal, chief technology officer for the web security firm Veracode. “People are pulling out their old bot kit command and control software, and they can plug it right in with this new vulnerability,” he says. “There’s not a lot of development time here. People were compromising machines within an hour of yesterday’s announcement.”
Wysopal points to attackers who are using a shellshock exploit to install asimple Perl program found on the open source code site GitHub. With that program in place, a command and control server can send orders to the infected target using the instant messaging protocol IRC, telling it to scan other networked computers or flood them with attack traffic. “You install it on the server that you’re able to get remote command execution on and now you can control that machine,” says Wysopal.
The hackers behind another widespread exploit using the Bash bug didn’t even bother to write their own attack program. Instead, they rewrote a proof-of-concept script created by security researcher Robert David Graham Wednesday that was designed to measure the extent of the problem. Instead of merely causing infected machines to send back a “ping” as in Graham’s script, however, the hackers’ rewrite instead installed malware that gave them a backdoor into victim machines. The exploit code politely includes a comment that reads “Thanks-Rob.”
The “Thanks-Rob” attack is more than a demonstration. The compromised machines are lobbing distributed denial of service attacks at three targets so far, according to researchers at Kaspersky Labs, though they haven’t yet identified those targets. The researchers at the Russian antivirus firm say they used a “honeypot” machine to examine the malware, locate its command and control server and intercept the DDoS commands it’s sending, but haven’t determined how many computers have already been infected. Read more.
Hackers Are Already Using the Shellshock Bug to Launch Botnet Attacks - WIRED
Kaspersky
Related Articles Business News
Kaspersky Lab Joins Forces with Merchant Risk Council to Help Combat eCommerce Fraud
As part of its mission to tackle online fraud, Kaspersky Lab has become the latest company to join forces with the Merchant Risk Council as Premier Solution Provider.Read More >Kaspersky Lab North America Recognized on CRN’s 2018 Security 100 List
Kaspersky Lab North America announced today that CRN®, a brand of The Channel Company, has named Kaspersky Lab to its third annual Security 100 list for endpoint security.Read More >Kaspersky Lab North America Releases its Inaugural Corporate Social Responsibility Report
Woburn, MA – December 19, 2017 – Kaspersky Lab North America today released its inaugural Corporate Social Responsibility Report, profiling the company’s continued commitment to volunteerism and philanthropy in the region over the past 12 months.Read More >