
ShellShock vulnerability exploited in SMTP servers

October 31, 2014

Researchers at Trend Micro have discovered another ShellShock, or Bash bug, attack that uses emails to deliver the exploit.

The attack starts when an attacker creates a custom email with malicious Shellshock code inserted into various email fields, according to a blog post. The email is then sent to potentially vulnerable Simple Mail Transfer Protocol (SMTP) servers. On a vulnerable server, the embedded Shellshock payload runs, then uploads and executes an IRC bot known as “JST Perl IrcBot.” A connection is also established with an IRC server.

Attackers could use this bot to launch spam runs, perform distributed denial-of-service (DDoS) attacks, or run Unix commands. So far, this attack has been spotted primarily in Taiwan and Germany, as well as in the U.S.

The researchers recommend that IT administrators block the IPs and domains related to the attack.
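As an added example (not from the Trend Micro post or this article), a mail-filter check that flags header fields carrying the `() {` function-definition prefix that Bash bug payloads begin with. The sample messages, the function name and the choice to scan every header field are assumptions made for illustration.

```python
import re
from email import message_from_string

# Bash treats an environment value beginning with "() {" as a function
# definition; a vulnerable Bash then runs whatever follows the definition.
# Legitimate header values have no reason to contain this sequence.
SHELLSHOCK_MARKER = re.compile(r"\(\)\s*\{")

def suspicious_headers(raw_message):
    """Return (header name, unfolded value) pairs that carry the marker."""
    msg = message_from_string(raw_message)
    hits = []
    for name, value in msg.items():
        # Unfold continuation lines so the reported value is a single line
        # and a marker split across a fold is still matched.
        unfolded = re.sub(r"\r?\n[ \t]+", " ", str(value))
        if SHELLSHOCK_MARKER.search(unfolded):
            hits.append((name, unfolded))
    return hits

# Constructed sample: the command after the marker is a harmless placeholder.
SAMPLE_MALICIOUS = (
    "From: sender@example.test\n"
    "To: () { :; }; echo CONSTRUCTED\n"
    "Subject: () {\n"
    " :; }; echo CONSTRUCTED\n"
    "Date: Fri, 31 Oct 2014 10:00:00 +0000\n"
    "\n"
    "body\n"
)

# Constructed sample: an ordinary message that must not be flagged.
SAMPLE_CLEAN = (
    "From: alice@example.test\n"
    "To: bob@example.test\n"
    "Subject: Quarterly report (draft)\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for label, raw in (("malicious", SAMPLE_MALICIOUS), ("clean", SAMPLE_CLEAN)):
        hits = suspicious_headers(raw)
        verdict = "quarantine" if hits else "deliver"
        print(label, verdict, [name for name, _ in hits])
```

Run the check before any delivery agent or filter script that passes header values to a shell through environment variables; a hit is a reason to quarantine the message and log the sending IP.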
