Report: Criminals use Shellshock against mail servers to build botnet
Targeting message transfer agents (MTAs), and mail delivery agents (MDAs), criminals are using Shellshock as a means to create botnets. The process is slow, but working, thanks to unpatched installations of Bash or certain implementations of it.
When it was disclosed in September, Shellshock – the common name given to a vulnerability in Bash that enables command execution – impacted systems both large and small, creating ripples across the tech industry.
Vendors struggled to release and maintain patches. For several days after the initial disclosure, researchers found ways to bypass the fixes, leading to the publication of four additional CVE advisories related to the main flaw.