Shellshock vulnerability threat bleeding heart hackers have been attacked


technology news Beijing time on September 26th morning news Thursday, the researchers warned that hackers have begun to use the latest "Shellshock" computer system vulnerabilities, vulnerability scanning with worms, and infection of these systems.

influence range

Shellshock is following the April this year, bleeding heart loophole, the industry’s first major Internet threats found. Because of the impact of the OpenSSL encryption software is used in about 2/3 of the world’s web servers, so the impact of a wide range of.

The extent of the threat of the latest

this vulnerability is comparable to "bleeding heart", to a certain extent because of the impact of the Shellshock Bash software, it is widely used with various types of network servers and other computer equipment.

but security experts said, because not all computers running Bash vulnerabilities, so the number of affected systems may be less than the heart bleeding". However, the destruction of Shellshock itself is even greater, because hackers can take full control of the infected machine, not only can destroy data, or even turn off the network, or attack on the site.

Compared with

, bleeding heart loophole will only lead to data leakage.

technology industry is stepping up to determine which systems may be remotely exploited by hackers, but it is impossible to estimate the number of affected systems. "We don’t really know how broad the spread is, which is probably one of the most difficult to assess in recent years." Well known internet security expert Dan · Kaminski (Dan Kaminsky) said.

experts said that to successfully launch attacks, the target system must access the Internet, but also to run outside the Bash second groups of loopholes in the code.

"there’s a lot of speculation about which systems will be affected, but we don’t know the answer yet." Network security company BeyondTrust CTO Mark · (Marc Maiffret) Lee Teuk Mai Fu said, "this is likely in the next few weeks or months gradually clear."

target device

Network security experts

insurance company AEGIS Joe · Hancock (Joe Hancock) said he was worried that home broadband router, and a controller for managing critical infrastructure, are likely to attack.

"in some areas, the problem may be difficult to fix, because a lot of embedded devices can not be regularly upgraded, and even can not hit the patch." Hancock said.

security software developer Rapid7 chief research officer Moore (HD), said it would take weeks or even months to determine the specific impact of the vulnerability.


Recommended Reading


Your email address will not be published. Required fields are marked *