Our friends at Ars Technica report that a worm exploiting the Shellshock bug is infecting network-attached storage devices manufacturered by QNAP.  An update released by QNAP in October patches this vulnerability, but apparently many systems remain unpatched at present.  Falcon Computer Consulting LLC recommends immediately patching your systems if you use QNAP devices, checking them to ensure they haven't already been infected, and deploying some sort of security solution to protect against future exploits and infections.  


Further, Falcon Computer Consulting LLC always recommends that you ensure your systems (desktops/laptops, servers, mobile devices, and any other network or critical devices) and online services/sites be kept up-to-date with patches and security fixes.  Our firm can provide assistance with this worm as well as general security-related updates and protection for all your systems and critical infrastructure.  Feel free to contact us for additional information and support.



Worm exploits nasty Shellshock bug to commandeer network storage systems

   courtesy of Ars Technica


Compromised systems carry out click fraud, patched to prevent further attacks.


Criminal hackers are actively exploiting the critical shellshock vulnerability to install a self-replicating backdoor on a popular line of storage systems, researchers have warned.


The malicious worm targets network-attached storage systems made by Taiwan-based QNAP, according to a blog post published Sunday by the Sans Institute. The underlying shellshock attack code exploits a bug in GNU Bash that gives attackers the ability to run commands and code of their choice on vulnerable systems. QNAP engineers released an update in October that patches systems against the vulnerability, but the discovery of the worm in the wild suggests a statistically significant portion of users have yet to apply it.