The Bash bug, also known as 'Shellshock' has effectively managed to scare the pants off the internet and while the fear factor will no doubt subside over time, revelations such as Shellshock and Heartbleed highlight the pervasive anxiety of the digital age.
What happens if the essential plumbing of the internet is faulty? More importantly, how long have these holes been around? This infographic from Trend Micro spells out everything you need to know about Bash and Shellshock.
Heartbleed was around long before it was found and the same goes for Shellshock, while vendors have been busy rolling out patches plugging all the holes will take time and there are reports that the flaw is still active.
While vendors push the fix hacking communities across the net are equally busy looking to exploit the bug. The scale of this activity is immense, according to Trend Micro, within hours of the Bash bug going public attackers had started to test the perimeters.
“We spotted samples which are the payload of the actual exploit code. Detected as ELF_BASHLITE.A (also known as ELF_FLOODER.W), this malware is capable of launching distributed denial-of-service (DDoS) attacks,” Trend Micro said.
Shellshock creates a weak spot that serves as a backdoor for a hacker to carry out commands, take over a machine, dig into servers, steal data and deface websites. With most computers and Internet-enabled home devices such as routers, Wi-Fi radios, and even smart light bulbs running on Linux OS are most likely affected.
The scale and severity of Shellshock will keep system admin and the infosec community on its toes for months to come and while the bug is perhaps harder to exploit than Heartbleed, the hackers won’t be giving up anytime soon.