Tens of Thousands of IPs still Vulnerable to New Shellshock Worm

April 13th, 2015 | Waqas | Security

Security researchers have identified a new malicious operation that can ensnare hosts left vulnerable to the Shellshock bug in Bash, the default command shell on many Linux and Unix systems.

The Shellshock vulnerability was discovered in late September 2014 and is a serious threat because it lets an attacker execute arbitrary commands in Bash simply by appending them after a function definition stored in a variable.

The shell is used by various web-oriented services such as web servers, and because the flaw affects those services, it is an important and impactful security defect. Shellshock is no less than Heartbleed in impact.

Despite extensive media coverage and the availability of patches, not all administrators have applied the Shellshock fix, which leaves their machines vulnerable to cybercrime.

Attackers were able to compromise vulnerable machines in mid-November 2014, and in December their focus turned to QNAP NAS (network attached storage) devices, which gave them access to the devices that weren’t patched.

Apparently, cybercriminals are now at it again: Volexity security researchers observed a sharp increase in the breadth and frequency of scans for web devices vulnerable to Shellshock exploits.

On Wednesday, experts observed that the malware is equipped with a script containing a list of around 26,356 IP addresses, which are used for scanning with an ELF scanning binary.

Volexity’s Steven Adair wrote in a blog post:

“Based on the contents of the file, it appears to be a modified version of a file called mass.c referenced as sslvuln.c that was found on a Romanian website.”

It is speculated that Romanian attackers are probably responsible for modifying the malware components, because the binary contains the string “Nu Pot Deschide%” (can’t open it).

When a vulnerable machine is identified, it is infected and added to the scanning database. This database is a list of the scanned hosts that were identified as vulnerable, together with those that have already been infected.

According to Adair, the most dependable indicator of malicious activity is outbound connectivity to the IP address 109.228.25.87. This address hosts a TAR archive along with the scripts needed for detecting and infecting vulnerable machines.

Updating his original post, Adair stated that the malicious files are no longer stored at the aforementioned IP address and that the hackers have significantly toned down their scanning operations.
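For retrospective log review, the two signals described above can be checked together: request fields that carry a Bash function definition, and outbound connections to the address Adair names. This is an added example, not code from Volexity or the original article; the firewall log layout, the function names and all sample lines are constructed assumptions.

```python
import re

# Indicator named in the article: the address that hosted the worm's TAR archive.
IOC_IP = "109.228.25.87"
# An exported Bash function definition begins with "() {"; allow whitespace variations.
FUNC_PREFIX = re.compile(r"\(\)\s*\{")
# Combined-format access log line (the constructed samples below use this layout).
ACCESS_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>.*)"$')
# Hypothetical firewall log layout; adapt the pattern to your own device.
CONN_LINE = re.compile(r"^\S+ (?P<dir>IN|OUT) src=(?P<src>\S+) dst=(?P<dst>\S+)")

def shellshock_probes(access_lines):
    """Return (client, field) pairs where a request field carries a function definition."""
    hits = []
    for line in access_lines:
        m = ACCESS_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        for field in ("request", "referer", "agent"):
            if FUNC_PREFIX.search(m.group(field)):
                hits.append((m.group("client"), field))
    return hits

def ioc_contacts(conn_lines):
    """Return internal sources that opened outbound connections to IOC_IP."""
    hosts = set()
    for line in conn_lines:
        m = CONN_LINE.match(line)
        if m and m.group("dir") == "OUT" and m.group("dst") == IOC_IP:
            hosts.add(m.group("src"))
    return sorted(hosts)

# Constructed sample data (documentation address ranges, not real traffic).
SAMPLE_ACCESS = [
    '198.51.100.7 - - [08/Apr/2015:10:00:00 +0000] "GET /cgi-bin/status HTTP/1.1" 200 12 "-" "() { :; }; echo probe"',
    '203.0.113.9 - - [08/Apr/2015:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.8 - - [08/Apr/2015:10:02:00 +0000] "GET / HTTP/1.1" 200 512 "(){ :;}; echo probe" "curl/7.38"',
]
SAMPLE_CONN = [
    "2015-04-08T10:00:05Z OUT src=10.0.0.12 dst=109.228.25.87 dport=80",
    "2015-04-08T10:00:06Z OUT src=10.0.0.15 dst=192.0.2.44 dport=443",
    "2015-04-08T10:00:07Z IN src=109.228.25.87 dst=10.0.0.20 dport=80",
    "2015-04-08T10:03:00Z OUT src=10.0.0.12 dst=109.228.25.87 dport=80",
]

if __name__ == "__main__":
    print("probes:", shellshock_probes(SAMPLE_ACCESS))
    print("hosts contacting IOC:", ioc_contacts(SAMPLE_CONN))
```

A probe hit only shows that a host was scanned; a host that appears in the outbound list is the one to examine and patch first.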
