Report : Hackers exploit 'Shellshock' bug with worms in early attacks
Hackers have begun exploiting the newly identified 'Shellshock' computer bug, also known as Bash, using fast-moving worm viruses to scan for vulnerable systems and then infect them, researchers warned on Thursday.
'Shellshock' is the first major internet threat to emerge since the discovery in April of 'Heartbleed,' which affected encryption software used in about two-thirds of all web servers, along with hundreds of technology products.
The latest bug has been compared to 'Heartbleed' partly because the software at the heart of the 'Shellshock' bug is also widely used in web servers and other types of computer equipment.
According to security experts, 'Shellshock' is unlikely to affect as many systems as 'Heartbleed' because not all computers running Bash can be exploited. Still, they said the new bug has the potential to wreak more havoc because it enables hackers to gain complete control of an infected machine, which lets them destroy data, shut down networks or launch attacks on websites.
The 'Heartbleed' bug only allowed hackers to steal data.
The industry is rushing to determine which systems can be remotely compromised by hackers, but there are currently no estimates on the number of vulnerable systems.
Amazon.com and Google have released bulletins to advise web services customers how to protect themselves from the new cyberthreat. A Google spokesman said the company is releasing software patches to fix the bug.
'Shellshock' is the first major internet threat to emerge since the discovery in April of 'Heartbleed,' which affected encryption software used in about two-thirds of all web servers, along with hundreds of technology products.
The latest bug has been compared to 'Heartbleed' partly because the software at the heart of the 'Shellshock' bug is also widely used in web servers and other types of computer equipment.
According to security experts, 'Shellshock' is unlikely to affect as many systems as 'Heartbleed' because not all computers running Bash can be exploited. Still, they said the new bug has the potential to wreak more havoc because it enables hackers to gain complete control of an infected machine, which lets them destroy data, shut down networks or launch attacks on websites.
The 'Heartbleed' bug only allowed hackers to steal data.
The industry is rushing to determine which systems can be remotely compromised by hackers, but there are currently no estimates on the number of vulnerable systems.
Amazon.com and Google have released bulletins to advise web services customers how to protect themselves from the new cyberthreat. A Google spokesman said the company is releasing software patches to fix the bug.
