Attackers Rush to Exploit Bash Flaw Before Systems Are Patched
Attackers use the bug in Bash to scan for vulnerable servers, augment backdoor Trojans and create botnets, aiming to strike before the systems are patched.As companies and software developers rush to patch vulnerabilities in the Bourne Again Shell, or Bash, attackers have already incorporated exploit code into a variety of tools, from network scanners to malware, attempting to urgently exploit the vulnerabilities before the lion's share of systems are patched. Web security firm CloudFlare, for example, has seen 1.5 million attacks each day against the bash vulnerability, which is popularly known as Shellshock. Cloud security rival Incapsula estimates that attacks have targeted approximately 4 percent of its customer base, according to data on the probe attempts released by the firm on Sept. 29. While many of the "attacks" could be site owners testing their servers for the vulnerability, three major spikes in network events represent widespread scanning efforts, Marc Gaffan, Incapsula co-founder and chief business officer, told eWEEK. "If you extrapolate, you are going to get a very, very large number of Websites being targeted," he said. Less than a week after the widespread vulnerability first became known, companies are rushing to patch the flaw in how Bash handles certain types of parameters, known as environmental variables. Many types of software, such as the Common Gateway Interface (CGI) used to add dynamic content to Websites, execute shell commands and so have an existing link to Bash.
It took five days for the original flaw to be fully patched. On September 30, Apple issued its patch for Mac OS X.