Nice find by Stephane Chazelas.
"It has existed in the software since at least 1993 and gone unnoticed."
A honeypot run by researchers at AlienVault Labs has snared two separate pieces of malware attempting to exploit the Bash vulnerability.
One sample is a repurposed IRC bot written in Perl that is trying to build a botnet to be used in distributed denial of service attacks (DDoS), said Jaime Blasco, director of AlienVault Labs. So far, he said, there are 715 victims and there are phrases written in Romanian in the source code.
"Those pieces of malware are really repurposed from previous attacks; they didn't create them for this specific vulnerability," Blasco said. "They just updated pieces of code to infect the system. We still need to know the attack vector."
The other piece of malware downloads and executes an ELF (Executable and Linkable) binary that tries to steal system information from the compromised machine, including configuration data. It too is a DDoS bot, Blasco said. The sample tries to open a connection to a command and control server on 89[.]238[.]150[.]154 on port 5, but that server is down, Blasco said.
Continued: http://threatpost.com/honeypot-snares-two-bots-exploiting-bash-vulnerability/108578
Related:
Hackers Are Already Using the Shellshock Bug to Launch Botnet Attacks
Bash "Shellshock" bug: Who needs to worry?
Also see: As Bash damage spreads, experts warn of network attacks and an internet meltdown