[ISN] Shellshock DDoS Attacks Spike

http://www.bankinfosecurity.com/shellshock-ddos-attacks-spike-a-7365 By Mathew J. Schwartz Bank Info Security September 29, 2014 Distributed-denial-of-service attacks that target the Bash flaws known as Shellshock have spiked in recent days. “We’re seeing north of 1.5 million #shellshock attacks across the @CloudFlare network daily,” says Matthew Prince, CEO of the content delivery network and DDoS defense firm CloudFlare. Prince says that count is determined by the company’s Web application firewall detecting attempted attacks that use the Shellshock flaw. Shellshock-targeting DDoS attacks and IRC bots were spotted less than 24 hours after news about the Bash bug went public last week. Since then, security software vendor Trend Micro says it’s also seen Shellshock-related IP address probes directed against unnamed institutions in Brazil, as well as at least one financial services firm in China. “Attackers were trying to see if several IPs owned by the institution were vulnerable to a Shellshock vulnerability, specifically CVE-2014-6271. Further analysis revealed that three of the tested IPs were possibly vulnerable, as the attackers tried to use the command … ‘uname’ [to display] system information, including the OS platform, the machine type, and the processor information.” To date, however, the security software vendor hasn’t seen the exploit being used to deliver malware payloads. “At first glance, retrieving system information might seem harmless,” Trend Micro says. But this reconnaissance “could possibly be a sign of preparation for … more damaging attacks.” […]