Tuesday, October 7, 2014

Shellshock: servers of Yahoo and WinZip compromised – Computer Point

Rome – The Shellshock crisis is evolving more and more into a real security problem, with the first high-profile servers falling victim to unknown cyber-criminals intent on exploiting the vulnerability in Bash, already classified as a much more dangerous problem than the "apocalyptic" Heartbleed bug.

The alarm about the (first?) high-profile compromises via Shellshock comes from Jonathan Hall, a former black-hat hacker turned consultant, who found himself facing a series of "probes" against his systems coming from compromised servers.

The probes were searching for the vulnerability known as Shellshock, said Hall, with malicious scripts that came from systems belonging to Yahoo, Lycos and WinZip. The researcher found a Perl script in the cgi-bin of one of the servers, next to an IRC bot that had DDoS capability but was used only to try to gain indiscriminate shell access to the researcher's machines via the Shellshock vulnerability.

The comments in the code found on the compromised servers are in Romanian, so Hall's hypothesis is that the crackers originate from Romania. The researcher has warned both the companies involved and the FBI, with the latter saying it was ready to investigate the matter.

A first response from Yahoo to Hall's e-mail about Shellshock seemed to confirm the hypothesis, but the corporation later returned to the incident and gave a more detailed account of the facts: the cyber-criminals who compromised the company's servers were indeed looking for a Shellshock-type bug, but eventually identified and exploited a different bug to implant their malicious code. Shellshock has already been patched twice and user data is secure, Yahoo has confirmed.

The discovery of the vulnerability in Bash has made attempted attacks on command shells the most fashionable cracking and research activity, and someone has tried to apply the same principles as Shellshock to Windows environments as well, which are theoretically immune to the problem: the risk, in this case, is very small, and only a particularly determined (and lucky) hacker might get a concrete result such as access to a file server.

Alfonso Maruccia
