A new virus is on the scene

What’s Happened?

You have heard in the news regarding the exploit which was made public September 24 was reported and known as Shellshock or Bash Bug.

Who is affected?

The default command shell on Linux, Unix, and Mac systems is called Bash. Bash translates your commands into a language the operating system can understand. For decades, this vulnerability has existed inside Bash. On September 24, a security researcher publicly announced it for the first time.

What does Shellshock allow hacker to do?

Shellshock opened a way for attackers to take full control of your computer or server by injecting malicious requests into the Bash command process. That means if a hacker does happen to exploit this vulnerability, they can install malware to scrape your data, modify system settings, access databases, run programs, etc.

But, don’t panic quite yet. There is a difference between vulnerability and exploitability. Just because you are vulnerable, doesn’t necessarily mean attackers can access your systems. Thus far, only isolated instances of exploitability have been discovered.

“The extensiveness of the remote exploitability of Shellshock is yet unknown,” said Chad Horton, Penetration Test Manager at SecurityMetrics. “Initial research suggests this vulnerability will be most severely exploited from attackers located on the same local area network (LAN) as the victim. Which, while severe, is less of an impact than remotely exploitable vulnerabilities.”

OK, What’s the fix?

The bad news is, there’s no complete fix…yet. Some patches have been released, but have since been reported as incomplete. For now, it’s a waiting game. Only after vendors issue patches to their software can users work to stop the Shellshock vulnerability on their systems.

As most of our systems and your systems are based Microsoft Software they are not at risk we have hardened our security in response and we will continue evaluate our systems.