‘No evidence’ of attacks on new Shellshock bugs

Hackers are failing to exploit Bash flaws emerging in the wake of the Shellshock bug, according to security firm Trend Micro.

Scrutiny of the Bash command line in Linux, Unix and Mac increased following disclosure of Shellshock, which could be abused to execute system level commands, but evidence of abuse of further flaws is said to have been scarce.

Christopher Budd, communications manager at Trend Micro, said: "The most significant development [of Shellshock] is the emergence of other vulnerabilities affecting Bash.

"A total of four additional new vulnerabilities have emerged since last week. There is no evidence of any attacks yet against these new vulnerabilities and work is underway by vendors to address these."

Following the disclosure of Shellshock software vendors rushed to patch the bug, but some Linux distributors had to issue subsequent updates after further problems were found.

Hackers were thought to be scanning the internet on mass to find networks on which the bug could be exploited, and have used it to rope vulnerable machines into botnets and unleash distributed denial of service (DDoS) attacks.

While more patches have been released, Budd warned that more Bash bugs were likely to be found in the future.

"When a new technology comes into focus like this, researchers and attackers spend time looking for variants, related issues and new issues," he said.

"If that technology hasn’t been through a comprehensive, rigorous security review (and Bash appears not to have) there are other issues waiting to be found."

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing