Shellshock Virus

Shellshock Virus

Big Ideas

View More
October 15 2014
Big Ideas
Author: Arrie Sturdivant
Shellshock is the new virus that is threatening to attack millions of vulnerable computers running on Linux, Unix and OS X servers. The virus was found in a software program called Bash, which is universally used by Internet-connected devices, like home routers, IP cameras, tablets and Android devices. Bash has been around for decades and is used primarily in servers and other hardware. Shellshock threatens to attack 20 to 50 percent of the world’s global servers supporting webpages. 
The CVSS (Common Vulnerability Scoring System) has given Shellshock a 10/10 rating for its severity and low complexity rating – meaning, the virus is very easy to exploit. 
Cloudfare has reported seeing 10 to 15 attacks per second, mainly coming from France. Most hackers are using a reconnaissance attack that involves sending a command to a third-party machine. The third-party machine analyzes the data and collects a list of vulnerable machines that have come in contact. Once the hacker has verification of a vulnerable server, they can prepare to exploit the site.
Unlike Heartbleed, where hackers were able to view personal information, Shellshock has the ability to have complete control over your device. Hackers can send malicious software and steal sensitive information such as confidential reports and financial data.
News of the virus has sent the cyber world into a frenzy. Security researchers are actively monitoring servers - running script, creating mock attacks and rolling out software updates to help fight against the attack of exposed servers.
Apple has released software to fix the Bash bug and issued a statement in late September stating they don’t believe most of its users are affected, as OS X systems are safe by default and not exposed to remote exploits of Bash.
All anyone can do is watch for security updates, be cautious of emails requesting information or instructing to run new software and actively monitor servers to prevent the risk of infection.
Sherpa has close to 20 years of experience developing and creating secure websites for our clients. Against all pressure to fall in line with companies jumping onto the open-source bandwagon, at Sherpa we strictly run websites and applications built on a custom-built content management system (CMS) in the Microsoft stack. The security offered by a custom-built CMS proves itself time and time again.
- Arrie Sturdivant 

Sign up to get the latest content!

If you wish to receive information from Sherpa relevant to you and/or your organization going forward, please provide your first name, email address, and consent.

You may withdraw your consent at any time at the following address below or by clicking unsubscribe.

Sherpa Marketing Inc. Attn: Privacy Officer
500 - 211 Bannatyne Ave. Winnipeg, MB. R3B 3P2, Canada