First Shellshock botnet attacks Akamai, US DoD networks

By

Wopbot on the rampage.

Attackers have been quick to exploit the Shellshock Bash command interpreter bug disclosed yesterday by building a botnet that is currently trying to infect other servers, according to a security researcher.

First Shellshock botnet attacks Akamai, US DoD networks

The "wopbot" botnet is active and scanning the internet for vulnerable systems, including at the United States Department of Defence, chief executive of Italian security consultancy Tiger Security, Emanuele Gentili, told iTnews.

"We have found a botnet that runs on Linux servers, named “wopbot", that uses the Bash Shellshock bug to auto-infect other servers," Gentili said.

Wopbot has so far launched a distributed denial of service attack against servers hosted by content delivery network Akamai, and is also aiming for other targets, according to Gentili.

"Analysing the malware sample in a sandbox, we saw that the malware has conducted a massive scan on the United States Department of Defence Internet Protocol address range on port 23 TCP or Telnet for brute force attack purposes," he said.

The US DoD network in question is the 215.0.0.0/8 range, with approximately 16.7 million addresses.

Gentili said Tiger Security had contacted UK provider M247 and managed to get the wopbot botnet command and control system taken down from that network.

However, the botmaster server for wopbot - hosted by US network Datawagon - is still up and distributing malware, Gentili said.

He was unable to say how many systems are involved in the wopbot botnet, but he believes the number could increase very fast.

"Unfortunately is not easy for us say how many servers has been infected, but in the past I observed that similar botnets were able to infect more than 200,000 zombies in an hour or so," Gentili said.

The 'Shellshock' remotely exploitable vulnerability in the Bash Linux command-line shell was discovered yesterday, with researchers warning of its potential to become larger than the severe Heartbleed OpenSSL flaw uncovered earlier this year.

Millions of Apache webservers around the world could be at risk if their common gateway interface (CGI) scripts invoke Bash.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
botnetddoslinuxsecurityshellshock

Sponsored Whitepapers

Centralized Remote Connectivity for State & Local Government
Centralized Remote Connectivity for State & Local Government
Global Employee Experience Trends Report
Global Employee Experience Trends Report
State of workplace technology - AI in IT
State of workplace technology - AI in IT
Case Study: University of Wollongong
Case Study: University of Wollongong
Redrawing the battle lines with Cisco AI Assistant for Security
Redrawing the battle lines with Cisco AI Assistant for Security

Most Read Articles

AFP arrests man over alleged creation and sale of 'Firebird' RAT

AFP arrests man over alleged creation and sale of 'Firebird' RAT
Telstra customers' details included in leaked data file

Telstra customers' details included in leaked data file
NAB tables free year of Crowdstrike access to small business customers

NAB tables free year of Crowdstrike access to small business customers
Defence counts $1.5bn-plus investment for enterprise data and ICT

Defence counts $1.5bn-plus investment for enterprise data and ICT

Digital Nation

How eBay uses interaction analytics to improve CX
How eBay uses interaction analytics to improve CX
State of Security 2023
State of Security 2023
Health tech startup Kismet raises $4m in pre-seed funding
Health tech startup Kismet raises $4m in pre-seed funding
COVER STORY: What AI regulation might look like in Australia
COVER STORY: What AI regulation might look like in Australia
More than half of loyalty members concerned about their data
More than half of loyalty members concerned about their data

Log In

  |  Forgot your password?