Another day, another serious security issue dominating the news headlines. This time it’s a computer flaw known as Shellshock, which allows hackers to create malicious worms that can access computers that run on the Unix operating system.

The 'Bash bug'

Shellshock, also known as the ‘Bash bug’, exploits a vulnerability in the operating system’s code to take control of computers and modify key information. This is especially worrying as it’s not just Linux which runs on Unix, but also Apple’s Mac OS. All Apple Mac’s are susceptible, and industry experts also suspect that around half the world’s websites are also at risk. In turn, it is thought that it has the potential to infect all computers connected to the internet. Experts currently believe that 500 million machines are at risk – and that’s a conservative estimate.

The reason for Shellshock’s proliferation is due to a flaw in Bash – which stands for Bourne Again Shell. It’s the Unix version of the .cmd command prompt for Microsoft operating systems, as it allows users to control programs. And now, that flaw gives control to hackers too. All it takes is a few lines of code and a well-versed computer user can effortlessly access a computer’s most confidential areas. Incredibly, it seems, the Shellshock flaw has been around for over 20 years!

'Worse than Heartbleed'

The flaw has been described as worse than Heartbleed, which was revealed last Spring, because where Heartbleed allowed hackers to simply spy on computer users, Shellshock can actively control devices. Running in the background, infected users wouldn’t even know they had a problem as hackers begin sending unsolicited emails from their accounts, turning on webcams or using the microphone to listen in to private conversations. It can also be used to re-direct website users to malicious sites, or used to gather data which can then be sold on to other cyber criminals. Patches are being rolled out by website and server owners, although Apple have claimed that Mac and iPhone users are not at risk unless they’ve updated to more advanced Unix services.

If you’re concerned about your overall IT systems, here at Tristar IT we offer all manner of IT support in London. Simply contact us today on 01707 378453 or email sales@tristarsupport.co.uk and receive a no-obligation quotation for all your IT support needs.