Worm Burrows Into Storage Servers Via Shellshock Flaw
System administrators who have not patched their storage servers for the Shellshock flaw may have given online attackers a backdoor into their network.Attackers are targeting a popular brand of network-attached storage (NAS) systems using the well-known Shellshock vulnerability to compromise the devices and install a backdoor that automatically scans for more potential victims, according to security researchers. The attack, which qualifies as a worm, uses a previously known vulnerability in popular NAS devices made by QNAP, according to an analysis published by the SANS Institute. While the Shellshock vulnerability affects the Bourne Again Shell (BASH), a popular terminal program on Linux and Unix systems, attackers can trigger the vulnerability through other programs that use the shell for scripting. In this case, the attack exploits a Web script on the QNAP storage servers. Storage systems—many of which have a built-in Web server as a management interface—will continue to be a popular target of attackers because they typically house valuable data, Johannes Ullrich, dean of research for the SANS Technology Institute, told eWEEK. “They are pretty capable servers, but also rich in vulnerabilities and there typically is no easy way to patch them,” he said. “Also, there is no alert [that a patch is available] unless you connect to the device, which you don’t normally do.”
The critical vulnerability in the BASH program, widely known as Shellshock, was disclosed on Sept. 24. Attackers quickly began exploiting the software bug using a popular Web scripting framework known as the Common Gateway Interface (CGI). Within the first week, security firm Imperva recorded more than 36,000 campaigns seeking out and attacking systems with the vulnerability.