The persistence of the Shellshock vulnerability remains high more than a month after it first surfaced. The latest attacks involved SMTP servers belonging to web hosts. Attackers are using Shellshock exploits targeting the now infamous vulnerability in Bash in order to drop a perl script onto compromised computers.
The script adds the hacked computers to a botnet that receives its commands over IRC. The attack leverages Shellshock as a main attack vector through the subject, body, to, from fields. Once compromised, a perl botnet is activated and beaconing on IRC for further instructions.Read more