Latest Shellshock Attack Uses Bashlite to Target Devices Running BusyBox

November 18, 2014 @ 9:45 AM
| |
2 min read

Security researchers worried that the Shellshock vulnerability might give cybercriminals bad ideas may be rightly concerned. Recent research suggests a variant called Bashlite is targeting BusyBox, a collection of Unix utilities.

Trend Micro was the first to reveal details about the issue, also known as ELF_BASHLITE.SMB. Researchers said attackers are using the vulnerability to control devices such as routers that deploy BusyBox by using unauthorized login credentials. Cybercriminals can use a series of downloaded scripts to take over computer equipment after they establish a connection.

Shellshock was first discovered in September and described as a bug in Bash, a popular piece of open-source software. In some cases, a simple line of code is all attackers need to break into computers and steal information. As expected, cybercriminals have been quick to seize this advantage. Besides Bashlite, an article on Dark Reading pointed out that Shellshock has also been used to hack into systems using the BrowserStack software for testing websites across Firefox, Internet Explorer and other portals.

However, Bashlite may be among the worst Shellshock exploits yet. Cybercriminals can use it to launch distributed denial-of-service attacks, according to CIO.com, which could render websites useless. In some cases, this could cost organizations as much or more than having certain information stolen from databases.

Like Heartbleed and other high-risk security holes that have emerged this year, Bashlite’s focus on BusyBox may cause increasing concerns about the safety of certain areas of open-source software. BusyBox runs not only on Linux, but also Android and FreeBSD, among other environments, offering a single executable file for resource-hungry embedded operating systems. That means that not only back-end equipment but even certain smartphones might become targets if the malware spreads.

Help Net Security suggested organizations could thwart Bashlite attacks by prohibiting remote access of devices using BusyBox, changing login credentials (avoiding such mainstays as “support,” “root” or “admin”) or simply applying any available Shellshock patches. Many companies have already put a fix in place, The Hacker News added, but there are still estimates that more than 1 billion attacks may eventually be traced back to Shellshock.

Shane Schick
Writer & Editor
Shane Schick is a contributor for SecurityIntelligence.