Hackers have begun exploiting the newly identified “Shellshock” computer bug, using fast-moving worm viruses to scan for vulnerable systems and then infect them, researchers warned on Thursday.
“Shellshock” is the first major Internet threat to emerge since the discovery in April of “Heartbleed,” which affected encryption software used in about two-thirds of all Web servers, along with hundreds of tech products.
The latest bug has been compared to “Heartbleed” partly because the software at the root of the “Shellshock” bug, known as Bash, is also widely used in Web servers and other types of computer equipment.
Security experts say Shell-shock is unlikely to affect as many systems as Heartbleed because not all computers running Bash can be exploited. Still, they said the new bug has the potential to wreak more havoc because it enables hackers to gain complete control of an infected machine, which lets them destroy data, shut down networks or launch attacks on Web sites.
The Heartbleed bug only allowed hackers to steal data.
The industry is rushing to determine which systems can be remotely compromised by hackers, but there are currently no estimates on the number of vulnerable systems.
Amazon.com Inc and Google Inc have released bulletins to advise Web services clients how to protect themselves from the new cyberthreat. A Google spokesman said the company is releasing software patches to fix the bug.
“We don’t actually know how widespread this is. This is probably one of the most difficult-to-measure bugs that has come along in years,” said Dan Kaminsky, a well-known expert on Internet threats.
For an attack to be successful, a targeted system must be accessible via the Internet and also running a second vulnerable set of code besides Bash, experts said.
Joe Hancock, a cybersecurity expert with insurer AEGIS in London, said in a statement that he is concerned about the potential for attacks on home broadband routers and controllers used to manage critical infrastructure facilities.
H.D. Moore, chief research officer with security software maker Rapid7, said it could take weeks or even months to determine what impact the bug would have.
“At this point we don’t know what we don’t know, but we do expect to see additional exploit vectors surface as vendors and researchers start the assessment process for their products and services,” Moore said in an e-mail. “We are likely to see compromises as a result of this issue for years to come.”
Russian security software maker Kaspersky Lab reported that a computer worm has begun infecting computers by exploiting Shellshock.
The malicious software can take control of an infected machine, launch denial-of-service attacks to disrupt Web sites and scan for other vulnerable devices, including routers, Kaspersky researcher David Jacoby said.
He said he did not know who was behind the attacks and could not name any victims.
SCHEDULE: The delegation is due to meet with President Tsai Ing-wen this morning and witness the signing of an MOU on bilateral health cooperation in the afternoon US Secretary of Health and Human Services (HHS) Alex Azar yesterday arrived in Taipei aboard a US government plane at the head of a delegation that is the highest-level visit by a US official since Washington switched diplomatic recognition to China in 1979. Azar’s flight landed at Taipei International Airport (Songshan airport) at 4:48pm, nearly one hour earlier than scheduled, the Ministry of Foreign Affairs said. The apron where it landed is reserved for military aircraft, the Songshan Air Force Base Command said. The members of Azar’s delegation included HHS Assistant Secretary for Preparedness and Response Robert Kadlec, HHS Chief of Staff Brian
CHINESE FIGHTERS: Beijing marked the US Cabinet member’s visit by briefly sending two warplanes across the median line of the Taiwan Strait yesterday morning President Tsai Ing-wen (蔡英文) yesterday met with US Secretary of Health and Human Services Alex Azar in the highest-level official meeting between the two nations since 1979. “It is a true honor to be here to convey a message of strong support and friendship from [US] President [Donald] Trump to Taiwan,” Azar said during the open portion of his courtesy call to the Presidential Office, which was streamed live online before Tsai and Azar held a closed-door meeting. “Taiwan’s response to COVID-19 has been among the most successful in the world, and that is a tribute to the open, transparent,
‘CROSS-STRAIT CONSIDERATIONS’: Groups said that the Ministry of Education’s policies excluded Chinese and students should not be blocked over political issues The Taiwan International Student Movement yesterday said it would protest today outside the Ministry of Education in Taipei against a policy that excludes some Chinese students from returning to Taiwan amid the COVID-19 pandemic. Since June 17, the ministry has allowed foreign students from 19 “low risk” and “medium-low risk” countries and regions to enter Taiwan. On July 22, it announced that it was relaxing restrictions to include students from all countries and regions who are graduating this semester and on Wednesday it further expanded entry to students enrolled in degree programs. A letter sent by the ministry on Wednesday to universities did
PARTNERSHIP AND LEARNING: A Princeton University health policy researcher said that the nation would be a ‘treasure trove’ of information for the US health chief US Secretary of Health and Human Services Alex Azar on Friday said he wants to learn about Taiwan’s “incredibly effective” response to COVID-19, even though the nation did things that the US has fumbled, such as having a unified strategy and citizens willing to wear masks. Azar leads a US delegation arriving today for a three-day visit to Taiwan. They are to meet with President Tsai Ing-wen (蔡英文) and health system leaders, and Azar is to give a speech to public health graduates. “The message of this trip is about Taiwan,” Azar said in an interview, deflecting a question about China.