After gathering more than 570 million tweets, it has been found that more than 33 million, or 5.8% of them had links to malicious content of some kind or another, including links to malware, spammed ads, and phishing pages.
It seems like the floodgates have truly opened for Shellshock-related attacks. Another exploit attack has been detected, targeting a financial institution in China.
Shellshock update: more attacks that exploit the Shellshock vulnerability have been detected, including exploit attempts in Brazil that seem to be targeting government institutions.
There are new reports that mention incidents of botnet attacks that leveraged Shellshock against certain institutions. A botnet is a network of infected computers/systems.
Shortly after the Bash vulnerability known as Shellshock was discovered, we've seen attacks using it to deliver DDoS malware onto Linux systems. Bigger, badder attacks are to be expected. What are some of the other potential scenarios?
The Bash vulnerability was reportedly already being exploited in the wild, only several hours after news first broke out. At least one sampled malware is capable of launching distributed denial-of-service (DDoS) attacks.
A serious vulnerability has been found in the Bash command shell commonly used by most Linux distributions. This vulnerability allows an attacker to run commands, such as remote code execution, on an affected system.
The backdoor malware MIRAS got an upgrade from just running in 32-bit Windows operating system versions to 64-bit ones, expanding its victim range to more users of the OS. MIRAS is the same malware family linked to attacks against a Europe-based IT company.
Certain versions of Google Wallet and Alipay in-app payment SDKs contain a vulnerability that could allow phishing attacks. Our analysis of the two SDKs describes the vulnerability in detail.