 "Akamai advisory says Shellshock being used to build a DDoS botnet")
A new cybersecurity threat advisory from Akamai Technologies alerts enterprises to a DDoS botnet-building operation by attackers taking advantage of the Shellshock Bash bug in Linux-based, Mac OS X and Cygwin systems.
Failure to take action can result in a vulnerable system being used to propagate a DDoS botnet, launch DDoS attacks, exfiltrate confidential data and run programmes on behalf of attackers, according to the advisory released through Akamai’s Prolexic Security Engineering & Response Team (PLXsert).
[caption id=“attachment_77813” align=“alignleft” width=“380”]
 Image: Thinkstock[/caption]
“PLXsert has observed the DDoS botnet-building operation of an attacker using Shellshock to gain access to and control Linux-based systems.” said Stuart Scholly, senior vice president and general manager, Security Business Unit, Akamai. “We are sharing this information to help enterprises patch their systems to prevent unauthorised access and use by this botnet. Akamai customers have multiple options to minimise the risk of a breach and to mitigate DDoS attacks enabled by this vulnerability.”
Malicious actors are using the Bash bug vulnerability, which is reportedly present in GNU Bash versions 1.03 through 4.3, to download and execute payloads on victim machines. These payloads include executable files and script files written in programming languages such as Perl, Python or PHP. The dropped files are capable of launching DDoS attacks, stealing sensitive information and moving laterally across internal networks to breach other systems. In addition, malicious attackers have implemented backdoor functionality to gain unrestricted access to victim machines in the future.
PLXsert recorded an actual IRC conversation of a botnet-building operation that uses the Shellshock vulnerability to add new bots to a botnet. The observed botnet involved 695 bots. IRC channels #p and #x were used to issue commands, and new bots were requested to join channel #new.
Web applications that use the Common Gateway Interface (CGI) method to serve dynamic content are at risk for the Bash bug. It is important to check internal and external web servers for this type of application and others that may potentially pass input to Bash. The Shellshock vulnerability has also been exploited in OpenSSH (OpenBSD Secure Shell), a set of computer programs that provides encrypted communication sessions. In this case the vulnerability is exploited after authentication, which lowers the risk of exploitation but should still be considered high risk.
Enterprises must update and patch vulnerable hosts as soon as possible. Some of the earlier patches were insufficient. It is important to obtain and apply the latest patch from the operating system developer. Fully patched, remote exploitation attempts of this type will be unsuccessful.
PLXsert anticipates further infestation and the expansion of this DDoS botnet.
 "Russian drones over Poland: Trump’s tepid reaction a wake-up call for Nato?")
 "As Russia pushes east, Ukraine faces mounting pressure to defend its heartland")
 "Why Mossad was not on board with Israel’s strike on Hamas in Qatar")
 "Turkey: Erdogan's police arrest opposition mayor Hasan Mutlu, dozens officials in corruption probe")
 "Russian drones over Poland: Trump’s tepid reaction a wake-up call for Nato?")
 "As Russia pushes east, Ukraine faces mounting pressure to defend its heartland")
 "Why Mossad was not on board with Israel’s strike on Hamas in Qatar")
 "Turkey: Erdogan's police arrest opposition mayor Hasan Mutlu, dozens officials in corruption probe")
](https://images.firstpost.com/wp-content/uploads/2014/02/CybersecurityHacker_380.jpg){kind=link}