Light Dark
November 18, 2014 By Shane Schick 2 min read

Security researchers worried that the Shellshock vulnerability might give cybercriminals bad ideas may be rightly concerned. Recent research suggests a variant called Bashlite is targeting BusyBox, a collection of Unix utilities.

Trend Micro was the first to reveal details about the issue, also known as ELF_BASHLITE.SMB. Researchers said attackers are using the vulnerability to control devices such as routers that deploy BusyBox by using unauthorized login credentials. Cybercriminals can use a series of downloaded scripts to take over computer equipment after they establish a connection.

Shellshock was first discovered in September and described as a bug in Bash, a popular piece of open-source software. In some cases, a simple line of code is all attackers need to break into computers and steal information. As expected, cybercriminals have been quick to seize this advantage. Besides Bashlite, an article on Dark Reading pointed out that Shellshock has also been used to hack into systems using the BrowserStack software for testing websites across Firefox, Internet Explorer and other portals.

However, Bashlite may be among the worst Shellshock exploits yet. Cybercriminals can use it to launch distributed denial-of-service attacks, according to CIO.com, which could render websites useless. In some cases, this could cost organizations as much or more than having certain information stolen from databases.

Like Heartbleed and other high-risk security holes that have emerged this year, Bashlite’s focus on BusyBox may cause increasing concerns about the safety of certain areas of open-source software. BusyBox runs not only on Linux, but also Android and FreeBSD, among other environments, offering a single executable file for resource-hungry embedded operating systems. That means that not only back-end equipment but even certain smartphones might become targets if the malware spreads.

Help Net Security suggested organizations could thwart Bashlite attacks by prohibiting remote access of devices using BusyBox, changing login credentials (avoiding such mainstays as “support,” “root” or “admin”) or simply applying any available Shellshock patches. Many companies have already put a fix in place, The Hacker News added, but there are still estimates that more than 1 billion attacks may eventually be traced back to Shellshock.

 |  |  |  |  | 
Shane Schick
Writer & Editor

More from

April 29, 2024

The major hardware flaw in Apple M-series chips

3 min read - The “need for speed” is having a negative impact on many Mac users right now. The Apple M-series chips, which are designed to deliver more consistent and faster performance than the Intel processors used in the past, have a vulnerability that can expose cryptographic keys, leading an attacker to reveal encrypted data. This critical security flaw, known as GoFetch, exploits a vulnerability found in the M-chips data memory-dependent prefetcher (DMP). DMP’s benefits and vulnerabilities DMP predicts memory addresses that the…

April 25, 2024

NIST’s role in the global tech race against AI

4 min read - Last year, the United States Secretary of Commerce announced that the National Institute of Standards and Technology (NIST) has been put in charge of launching a new public working group on artificial intelligence (AI) that will build on the success of the NIST AI Risk Management Framework to address this rapidly advancing technology.However, recent budget cuts at NIST, along with a lack of strategy implementation, have called into question the agency’s ability to lead this critical effort. Ultimately, the success…

April 24, 2024

Researchers develop malicious AI ‘worm’ targeting generative AI systems

2 min read - Researchers have created a new, never-seen-before kind of malware they call the "Morris II" worm, which uses popular AI services to spread itself, infect new systems and steal data. The name references the original Morris computer worm that wreaked havoc on the internet in 1988.The worm demonstrates the potential dangers of AI security threats and creates a new urgency around securing AI models.New worm utilizes adversarial self-replicating promptThe researchers from Cornell Tech, the Israel Institute of Technology and Intuit, used what’s…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature