I mentioned the Shellshock vulnerability earlier this week, and since more and more users/organizations are proclaiming attacks on their systems. Shellshock is without a doubt one of the worst vulnerabilities in recent years, and it seems it’s gotten worse already. Apparently, a Botnet code named “Mayhem” is already causing havoc. Mayhem is delivered via a PHP script, and is contained within a malicious ELF (Executable and Linkable Format) binary file, like a common .EXE file. It should be noted that there are separate malicious binaries for both the 32-bit and 64-bit architectures. The best way to avoid the Shellshock vulnerability and “Mayhem” is to keep systems up to date, and avoid malicious web sites at all costs.
More information can be found here: