Shellshock: Millions of servers under attack
Shellshock: Millions of servers under attack

Millions of servers are being targeted by cyber-criminals looking to exploit the ‘Shellshock' flaw that was revealed late last week as hitting many of the world's Linux and Unix-based systems.

User companies are racing to patch their exposed servers and desktops, with Shellshock potentially affecting between one third and a half of all internet servers, as well as ‘*nix' desktops like Apple Macs.

But UK security experts have warned that users may be fatally neglecting to fix their embedded devices like routers, which are the systems most vulnerable to attack.

Security firms have tracked an avalanche of attacks since last Thursday.

In a 29 September blog post, Incapsula says it detected over 217,000 exploit attempts in four days, targeting more than 4,100 web domains.

Attacks were running at the rate of nearly 2,000 an hour, the company said, and were being launched from nearly every country in the world, with the US and China being the worst offenders.

Of the 900 attack IP addresses worldwide, nearly a fifth were in the US and over 10 percent in China, with 1.75 percent of attacks originating in the UK.

Incapsula's Ofer Gayer said around two-thirds of the attacks were scans to verify the existence of the Shellshock vulnerability, almost all of them targeted rather than automated scans.

But Gayer added that over 18 percent of the attacks were direct attempts to hijack the server, using Python or Perl scripts, while others were attempts to inject the server with DDoS malware and turn into a botnet ‘zombie', or to hijack the server with IRC bots so it could be remotely controlled from internet relay chat rooms.

Gayer said: “We strongly suggest that all administrators take steps to patch their systems, as soon as security patches are available.”