Cybersecurity companies use social media to communicate about Shellshock

Cybersecurity companies are taking to social media to communicate with consumers and businesses about the computer bug Shellshock, also known as Bug Bash, which emerged last week.

Cybersecurity companies are taking to social media to communicate with consumers and businesses about the computer bug Shellshock, also known as Bug Bash, which emerged last week.

Although the flaw is being compared to Heartbleed, a virus that emerged earlier this year, Shellshock could allow hackers to do much more damage, and could even affect simpler appliances such as refrigerators and cameras.

On Thursday, security software maker Symantec published a video featuring its director of security response operations, Jonathan Omansky, who talks about the malware, what the Bash vulnerability could allow, and what users need to do if they are running a vulnerable system.

"For us as consumers, [Shellshock] is important for a couple of reasons," he said in the video. "Firstly, many of the websites we interact with remotely every day reside on machines using Bash; secondly, some very popular operating systems such as MacOSX are derived from the Linux operating system that also [contains] versions of Bash."

He explained that a number of vendors have already begun developing and releasing patches for this vulnerability. For users of the MacOSX, Omansky recommended updating software when security patches become available.

Meanwhile, Symantec-owned Norton, which provides antivirus and security software, posted an infographic on Twitter on Thursday to explain how the virus works.

Web hosting company GoDaddy’s Twitter page linked to a blog that chief information security officer Todd Redfoot posted on the company’s website, which told customers what they should do about the virus.

"In most cases, [you have to do] nothing," Redfoot wrote, in response to the virus. "We began patching our servers yesterday when we learned of the vulnerability."

He added, however, that customers who have a dedicated or virtual private server with GoDaddy will need to take care of the patch themselves.

"We’re sending you instructions on how to do it and how to verify you’re good to go," wrote Redfoor. "If you want to get started now, you can follow the steps in this support article."

Cybersecurity firm Imperva also linked via tweet to a blog on its site that reassured customers that its Web application firewall products were not affected and can protect against the vulnerability.

Cloud hosting provider brightsolid’s CTO, Scott Maxwell, created a page on the website with recommendations in response to the virus and blogged that the company’s helpdesk is communicating directly with customers who are affected.
 
"Regardless of the level of managed service you have with us, we will be advising you of the potential impact of this threat and what needs to be done if you have not already taken steps to mitigate this risk," he wrote.

"This bug is horrible," Darien Kindlund, director of threat research at cybersecurity firm FireEye, wrote on the company’s blog. "It’s worse than Heartbleed in that it affects servers that help manage huge volumes of Internet traffic. Conservatively, the impact is anywhere from 20% to 50% of global servers supporting web pages."

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins

Register
Already registered?
Sign in