Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

- Collapse -
For those that want to know more.
Sep 24, 2014 11:56PM PDT
- Collapse -
Stephane Chazelas......
Sep 26, 2014 3:31AM PDT
- Collapse -
My takeaway? 1993.
Sep 26, 2014 3:43AM PDT

"It has existed in the software since at least 1993 and gone unnoticed."

- Collapse -
Honeypot Snares Two Bots Exploiting Bash Vulnerability
Sep 26, 2014 2:32AM PDT

A honeypot run by researchers at AlienVault Labs has snared two separate pieces of malware attempting to exploit the Bash vulnerability.

One sample is a repurposed IRC bot written in Perl that is trying to build a botnet to be used in distributed denial of service attacks (DDoS), said Jaime Blasco, director of AlienVault Labs. So far, he said, there are 715 victims and there are phrases written in Romanian in the source code.

"Those pieces of malware are really repurposed from previous attacks; they didn't create them for this specific vulnerability," Blasco said. "They just updated pieces of code to infect the system. We still need to know the attack vector."

The other piece of malware downloads and executes an ELF (Executable and Linkable) binary that tries to steal system information from the compromised machine, including configuration data. It too is a DDoS bot, Blasco said. The sample tries to open a connection to a command and control server on 89[.]238[.]150[.]154 on port 5, but that server is down, Blasco said.

Continued : http://threatpost.com/honeypot-snares-two-bots-exploiting-bash-vulnerability/108578

Related:
Hackers Are Already Using the Shellshock Bug to Launch Botnet Attacks
Bash "Shellshock" bug: Who needs to worry?

Also see: As Bash damage spreads, experts warn of network attacks and an internet meltdown