Bash shellcode reality

What started as an environment of function and usability on Unix systems has devolved in another security exploit mess.

US -CERT has the report for both potential exploits now (one was patched)

 

hubpluscablesall tools are there for hackers to exploit specific websites running Linux or Unix.

That means  that there are many websites that are vulnerable to this exploit right now. It seems according to the Internet Storm Center the hackers are still finding exploit code to see how they can take advantage of this situation.

According to Netcraft web survey for September there are a billion websites now and of those Nginx has a high  percentage of websites, Nginx is a reverse proxy server. The majority of websites running on the Internet are run by Apache  web software.  Apparently of the actual 1 billion domain names registered only 178 million are active websites.

Remember the  heartbleed vulnerability in April?  It is useful to look back at a vulnerability ~6 months later to see the cycle of security threat release, exploit developments as well as patching going on.  At one point there were half a million vulnerable websites to the heartbleed exploit.

 

It seems today that the potential exploit threat could be higher than half a million.

 

Please patch your systems as much as possible and review your logs for suspicious activity.

 

Contact Us if you need help.