The Shellshock Virus: Yet Another Way For Hackers To Steal Your Information



The emergence of a computer bug named “Shell Shock,” which is being called one of the worst computer viruses to have ever existed, has scrambled cyber security professionals into fixing a security flaw that has been built into many popular operating systems – most of which are still used today.

Governments and private companies, such as Apple, have had to take immediate action to implement steps to protect their digital infrastructure because the bug has the capability to not only allow hackers to steal private information, but to also remotely take entire control of hundreds of millions of devices worldwide.

The bug stems from a flaw in a software component called Bash, short for Bourne Again Shell, which allows users to type commands into their computer and run them. Bash has been around since the 1980’s and has been integrated into many popular operating systems, including Linux, Unix and Apple’s OS X. Bash is so widely used it is estimated that the software runs on over 50 percent of all devices that connect to the internet. What troubles security officials is that Shellshock has the capability of exploiting any system using Bash.

The National Institute of Standards and Technology has ranked Shellshock a 10 out of 10 for severity and impact. Shellshock has also been ranked “low” on its’ level of complexity, which means even inexperienced hackers can launch cyber-attacks with relative ease.

Soon after the bug was discovered, thousands of attacks on servers were launched from countries all over the world, including China and Russia. The U.S. Researchers at Incapsula, a cyber-security firm, reported:

“In the four days that have passed since the Shellshock vulnerability disclosure, Incapsula’s web application firewall has deflected over 217,089 exploit attempts on over 4,115 domains. During this period the average attack rate has nearly doubled, climbing to over 1,970 attacks per hour. As of this time, Incapsula’s system has documented Shellshock attacks originating from over 890 offending IPs worldwide.”

CloudFare, another security firm, announced that within 5 days Shellshock’s disclosure, they had tracked about 1.5 million attempts to plant malicious software on computers each day.

The online community hasn’t seen a bug as dangerous as Shellshock since a security flaw, named Heartbleed, was discovered in April.

The Heartbleed bug exists in a piece of software named OpenSSL, used to encrypt communications between a user’s computer and its corresponding web server. When exploited, Heartbleed leaks content traveling from the user to a server and vice-versa, enabling anyone with an internet connection to read the memory of systems protected by OpenSSL. This gives hackers the ability to eavesdrop into your communications, such as emails and instant messages, impersonate users and even steal data.

Although Shellshock and Heartbleed won’t affect a vast majority of users, the US Computer Emergency Readiness Team has issued a warning advising anybody using Bash to download a security patch immediately.


About Eric Bates

Eric received his B.S. in political science with an emphasis in international relations from Santa Clara University in 2012. Upon graduating, he traveled and worked for a non-profit in Central America. He is a religious viewer of Conan O’Brien and also loves traveling. Eric is attending San Jose State University's graduate school program to receive a M.A. in Journalism and Mass Communications. He can be reached at
Posted in: Technology