Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Bored hackers flick Shellshock button to OFF as payloads shrink

But beware of complacency, warn Akamai bods

Malicious and benign attacks against systems vulnerable to Shellshock had halved by Sunday after peaking three days following the bug's disclosure, Akamai researchers say.

The variety of payloads targeting vulnerable sites increased dramatically over the same period before tapering off, in a possible sign that hackers were bored with the bug.

The number of unique payloads increased from 43 on day zero to a whopping 10,716 just 24 hours later. It peaked on 27 September at 20,753 before falling off.

The numbers demonstrated the effectiveness of Shellshock as an attack vector, researchers Ezra Caltum, Adi Ludmer and Ory Segal wrote in a co-authored post.

"One of the troubling aspects of the Shellshock vulnerability is the ease of exploitation, which can be seen by the dramatic increase in the number of unique payloads between the first and the second days," they said.

"The sheer number of creative payloads also demonstrates how effective and deadly this vulnerability can be – most of the scanning and exploitation process is already fully automated.

"With such a low barrier to entry, and the simplicity of writing powerful exploits, we believe that Shellshock-based attacks are going to stay around for months if not years, and will probably top the botnet infection method charts in the near future."

Two-thirds of the 22,487 unique attacking IP addresses were from the US, with Germany, Britain and seven other countries sharing the remainder.

Almost 300,000 gaming domains made up the vast majority of Shellshock targets, with consumer electronics, email marketing among the less affected industries.

More than half of all detected Shellshock probes however were illegitimate scans of the sort conducted in unpaid security research which did not involve exploitation, while about a third were legit.

Akamai found eight percent of payloads were attempts by internet idiots to exploit Shellshock to open CD trays, play audio files, and dump nonsensical payloads.

More malicious acts including Bitcoin and database stealers made up less than one percent of payloads. ®

 

Similar topics

TIP US OFF

Send us news


Other stories you might like