Trend Micro, a provider of security software and solutions, has unveiled security software tools to offer protection against Shellshock a.k.a. Bash Bug.
The company is offering free scanning tools to check the vulnerability in user devices or websites. Also it is offering free 30-day trials for enterprise security solutions.
Shellshock vulnerability, also known as the Bash bug, is a newly discovered security flaw that poses an immediate threat to over half a billion servers and Internet connected devices including mobile phones, routers and medical devices worldwide.
Bash, found in most versions of the Unix and Linux operating systems as well as in Mac OSX, could allow a hacker to remotely execute commands without authentication, thus enabling an attacker to take over an operating system, access confidential data, or set the stage for future attacks.
The map shows command & control servers and their IP addresses, with lines to victims (Source: Trend Micro)
Shellshock threats are much more severe than Heartbleed bug, according to Trend Micro.
“Since this situation has potential to escalate quickly, we are taking immediate preventative steps to help keep the public safe from this unprecedented vulnerability,” said Eva Chen, CEO, Trend Micro, in a statement.
“We believe the most responsible course of action is for technology users to remain calm and apply the resources made available from Trend Micro, and others, to create a strong defensive front,” Chen added. “By making our tools accessible free of charge to our customers, and beyond, we are trying to address this ‘outbreak’ to stop a possible epidemic before it can start.”
One of the free tools offered by Trend Micro is the on-demand BashLite Malware Scanner, to determine if the BashLite malware is resident on your Linux systems.
ShellShock Vulnerability Scanner, another free tool from Trend Micro, allows you to scan your website to assess whether it is vulnerable to the ShellShock vulnerability.
Trend Micro is also offering the tools to protect different browsers and devices against the Bash bug threat. They include tools like IE & Chrome Shellshock detector extensions, Android-Shellshock scanning tool, and Mac OS X- Shellshock detector.
The company is offering a free 30-day trial for two solutions for enterprise customers. They include InterScan Web Security as a Service, which blocks C&C communications and access to websites affected by Shellshock, and Deep Security as a Service designed for enterprise cloud providers to virtually patch their cloud services.