The year is about to end, but serious threats like Shellshock is "far from over". Cyber criminals are actively exploiting this critical GNU Bash vulnerability to target those network attached storage devices that are still not patched and ready for exploitation.

 

Security researchers have unearthed a malicious worm that is designed to plant backdoors on network-attached storage (NAS) systems made by Taiwan-based QNAP and gain full access to the contents of those devices.

 

The worm is spread among QNAP devices, which run an embedded Linux operating system, by the exploitation of the GNU Bash vulnerability known as ShellShock or Bash, according to security researchers at the Sans Institute.

 

QNAP vendor released a patch in early October to address the flaw in its Turbo NAS product, but because the patches are not automatic or easy to apply for many users, so a statistically significant portion of systems remain vulnerable and exposed to the Bash bug.