Shellshock: Everything you need to know about the latest bomb dropped on the web

Bottom of Form

Shellshock:

Everything you need to know about the latest bomb dropped on the web

What is Shellshock?

Shellshock is the latest online threat sent to disrupt us. It's a loophole that affects a piece of software called Bash found mainly in Linux^® or Unix^® operating systems as well as the Apple^® MacOS^® X. And while the Shellshock bug is more about web servers and other Internet devices, those can now be turned against your own, more personal devices.

The bug can affect you through malicious requests sent to web servers you interact with, or it can affect your devices directly over insecure Wi-Fi^® networks. Attackers can use this exploit to spread malware, steal data, turn your computer into a bot, send spam, or gain complete control over your computer.

How the exploit reaches bugged computers

A. Computers access insecure Wi-Fi^® networks:

B. Malicious requests are sent to Web servers:

A few simple steps you can take

An increasing numbers of patches are being made world-wide to stamp out the bug and prevent further exploitation, however it still makes sense to reduce your exposure and follow some simple steps to ensure you are fully protected across all your devices.

Update your

operating systems

Look out for available patches for any web-enabled devices in your home.

Look out for

unusual activity

Check your online accounts and also bear in mind that scammers will take advantage of this to send spam emails with dodgy links.

Change

your passwords

These alerts help remind us of the need to change our online passwords and have different ones for different sites to limit the risk.

Always check that the websites you visit have fixed their vulnerability beforehand

Extra steps you should take...

...if you also have a Mac^®

Apple has already released patch updates users should install – so look out for these official updates.
They have also made it clear that the bug only affects power users that take advantage of the advanced UNIX services within OS X. If the previous sentence has baffled you, then you are in the group that Apple says are not at risk.

...as a PC user

If you’re running Windows^®, it is safe to say that you're less at risk, since Windows^® doesn't run Bash, the software that has the bug.

However while you're not affected directly, you could still be at risk if the web servers of the sites you visit are compromised.

A layered approach to
online security

Staying safe online is all about layers of security. Just like we do with our homes, garden gates, front doors, alarms and safes - our online security works in the same way.

Firewall, anti-spam, antivirus, anti-malware, anti-phishing and more – all designed to help stop the things that attack us.

Your protection already includes AVG LinkScanner^®, which is designed to block access to the sorts of compromised sites that could be affected by Shellshock. Just make sure you are running the latest version. Combining our award-winning security with the tips above should keep you protected.

Make sure to follow our blog for a more in-depth look at this and other threats.

Wi-Fi^® is a trademark of Wi-Fi Alliance.
Apple^®, Mac^® and MacOS^® are trademarks of Apple Inc., registered in the US and other countries.
UNIX^® is a registered trademark of The Open Group. Linux^® is the registered trademark of Linus Torvalds in the US and other countries.
Windows^® is a registered trademarks of Microsoft Corporation in the US and other countries.
AVG LinkScanner^® is a trademark of AVG Netherlands BV in the US and other countries.