Incapsula: Hackers have carried out more than a billion attacks exploiting a ShellShock vulnerability

Most of all such attacks took place on the territory of the United States or China. Since the discovery of a critical vulnerability ShellShock ,last week occurred a tremendous amount of cyber attacks that exploit this flaw. It was stated in the blog of Incapsula company.

According to Incapsula, within a few days after the discovery of the breach firewalls reflected over 217,000 attempts to exploit  ShellShock on more than 4100 domains. Nevertheless, the company believes that the total number of attacks may exceed one billion.

Everything you need to know about the Shellshock Bash bug

Remember Heartbleed? If you believe the hype today, Shellshock is in that league and with an equally awesome name albeit bereft of a cool logo (someone in the marketing department of these vulns needs to get on that). But in all seriousness, it does have the potential to be a biggie and as I did with Heartbleed, I wanted to put together something definitive both for me to get to grips with the situation and for others to dissect the hype from the true underlying risk.

Hackers Are Already Using the Shellshock Bug to Launch Botnet Attacks

With a bug as dangerous as the “shellshock” security vulnerability discovered yesterday, it takes less than 24 hours to go from proof-of-concept to pandemic.

As of Thursday, multiple attacks were already taking advantage of that vulnerability, a long-standing but undiscovered bug in the Linux and Mac tool Bash that makes it possible for hackers to trick Web servers into running any commands that follow a carefully crafted series of characters in an HTTP request. The shellshock attacks are being used to infect thousands of machines with malware designed to make them part of a botnet of computers that obey hackers’ commands. And in at least one case the hijacked machines are already launching distributed denial of service attacks that flood victims with junk traffic, according to security researchers.