Hackers have begun exploiting the newly identified “Shellshock” computer bug, using fast-moving worm viruses to scan for vulnerable systems and then infect them, researchers warned on Thursday.
“Shellshock” is the first major Internet threat to emerge since the discovery in April of “Heartbleed,” which affected encryption software used in about two-thirds of all Web servers, along with hundreds of tech products.
The latest bug has been compared to “Heartbleed” partly because the software at the root of the “Shellshock” bug, known as Bash, is also widely used in Web servers and other types of computer equipment.
Security experts say Shell-shock is unlikely to affect as many systems as Heartbleed because not all computers running Bash can be exploited. Still, they said the new bug has the potential to wreak more havoc because it enables hackers to gain complete control of an infected machine, which lets them destroy data, shut down networks or launch attacks on Web sites.
The Heartbleed bug only allowed hackers to steal data.
The industry is rushing to determine which systems can be remotely compromised by hackers, but there are currently no estimates on the number of vulnerable systems.
Amazon.com Inc and Google Inc have released bulletins to advise Web services clients how to protect themselves from the new cyberthreat. A Google spokesman said the company is releasing software patches to fix the bug.
“We don’t actually know how widespread this is. This is probably one of the most difficult-to-measure bugs that has come along in years,” said Dan Kaminsky, a well-known expert on Internet threats.
For an attack to be successful, a targeted system must be accessible via the Internet and also running a second vulnerable set of code besides Bash, experts said.
Joe Hancock, a cybersecurity expert with insurer AEGIS in London, said in a statement that he is concerned about the potential for attacks on home broadband routers and controllers used to manage critical infrastructure facilities.
H.D. Moore, chief research officer with security software maker Rapid7, said it could take weeks or even months to determine what impact the bug would have.
“At this point we don’t know what we don’t know, but we do expect to see additional exploit vectors surface as vendors and researchers start the assessment process for their products and services,” Moore said in an e-mail. “We are likely to see compromises as a result of this issue for years to come.”
Russian security software maker Kaspersky Lab reported that a computer worm has begun infecting computers by exploiting Shellshock.
The malicious software can take control of an infected machine, launch denial-of-service attacks to disrupt Web sites and scan for other vulnerable devices, including routers, Kaspersky researcher David Jacoby said.
He said he did not know who was behind the attacks and could not name any victims.
ROLLER-COASTER RIDE: More than five earthquakes ranging from magnitude 4.4 to 5.5 on the Richter scale shook eastern Taiwan in rapid succession yesterday afternoon Back-to-back weather fronts are forecast to hit Taiwan this week, resulting in rain across the nation in the coming days, the Central Weather Administration said yesterday, as it also warned residents in mountainous regions to be wary of landslides and rockfalls. As the first front approached, sporadic rainfall began in central and northern parts of Taiwan yesterday, the agency said, adding that rain is forecast to intensify in those regions today, while brief showers would also affect other parts of the nation. A second weather system is forecast to arrive on Thursday, bringing additional rain to the whole nation until Sunday, it
LANDSLIDES POSSIBLE: The agency advised the public to avoid visiting mountainous regions due to more expected aftershocks and rainfall from a series of weather fronts A series of earthquakes over the past few days were likely aftershocks of the April 3 earthquake in Hualien County, with further aftershocks to be expected for up to a year, the Central Weather Administration (CWA) said yesterday. Based on the nation’s experience after the quake on Sept. 21, 1999, more aftershocks are possible over the next six months to a year, the agency said. A total of 103 earthquakes of magnitude 4 on the local magnitude scale or higher hit Hualien County from 5:08pm on Monday to 10:27am yesterday, with 27 of them exceeding magnitude 5. They included two, of magnitude
CONDITIONAL: The PRC imposes secret requirements that the funding it provides cannot be spent in states with diplomatic relations with Taiwan, Emma Reilly said China has been bribing UN officials to obtain “special benefits” and to block funding from countries that have diplomatic ties with Taiwan, a former UN employee told the British House of Commons on Tuesday. At a House of Commons Foreign Affairs Committee hearing into “international relations within the multilateral system,” former Office of the UN High Commissioner for Human Rights (OHCHR) employee Emma Reilly said in a written statement that “Beijing paid bribes to the two successive Presidents of the [UN] General Assembly” during the two-year negotiation of the Sustainable Development Goals. Another way China exercises influence within the UN Secretariat is
Taiwan’s first drag queen to compete on the internationally acclaimed RuPaul’s Drag Race, Nymphia Wind (妮妃雅), was on Friday crowned the “Next Drag Superstar.” Dressed in a sparkling banana dress, Nymphia Wind swept onto the stage for the final, and stole the show. “Taiwan this is for you,” she said right after show host RuPaul announced her as the winner. “To those who feel like they don’t belong, just remember to live fearlessly and to live their truth,” she said on stage. One of the frontrunners for the past 15 episodes, the 28-year-old breezed through to the final after weeks of showcasing her unique