Malware is circulating that exploits the shellshock security vulnerability

Updated -

A variety of malware is in circulation that exploits systems that are not fully patched for the shellshock security vulnerability. Some of this malware is connecting vulnerable systems to a distributed denial-of-service (DDoS) botnet. Please ensure that your systems are all fully patched to ensure you are not susceptible to this malware.

To determine whether your systems are vulnerable to the shellshock vulnerability, use Red Hat's Shellshock Vulnerability Detector.

Even if your systems are no longer vulnerable, they may have been previously compromised. To determine whether your systems are infected with shellshock malware, it is recommended that you perform a scan using a third-party anti-virus tool of your choosing. There are multiple articles analyzing particular malware variants that exploit the shellshock vulnerability.

If your systems are already compromised by shellshock-based malware, you need to take immediate action. You can't be certain exactly what that attacker has changed or installed on your system. You should back up your data, image storage devices, and reinstall from scratch to ensure no trace of the attacker is left on your system. This guide from CERT will give you more details about the process you should follow in recovering from a compromise:

Was this helpful?

We appreciate your feedback. Leave a comment if you would like to provide more detail.
It looks like we have some work to do. Leave a comment to let us know how we could improve.

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.