Menu
Shellshock attacks target QNAP's network storage, FireEye says

Shellshock attacks target QNAP's network storage, FireEye says

A backdoor gives hackers full control over the NAS device, according to the security vendor

If a Shellshock attack against a QNAP device is successful, a shell script is downloaded that gives attackers persistent access, FireEye said.

If a Shellshock attack against a QNAP device is successful, a shell script is downloaded that gives attackers persistent access, FireEye said.

FireEye has detected Shellshock attacks against network-attached storage devices made by Taipei-based QNAP and used by universities and research institutes in Korea, Japan and the U.S.

The security vendor said the attacks are some of the first seen using Shellshock targeting embedded Linux, which QNAP's devices run, James T. Bennett and J. Gomez of FireEye wrote in a blog post on Wednesday.

"These attacks result in the hackers having a root level remote shell, gaining full access to the contents of the NAS," they wrote.

QNAP's storage products are used for a variety of applications, including professional video surveillance systems using IP cameras.

Shellshock is a two-decades-old flaw in Bash, a command-line shell processor present in most Unix and Linux systems. Its discovery last week has set off a scramble to assess the potential risk, as it is easy to exploit and gives attackers full control over a vulnerable server.

QNAP warned on Sunday that its Turbo NAS products were vulnerable, advising administrators to disable Web administration, Web server, WebDAV and other applications and services that use a Web-based interface.

FireEye said taking that precaution may not mitigate the threat, as attackers could find another vulnerable entry point into an organization's systems and laterally move in order to find a NAS device.

The attack tries to get NAS devices to download a script from a remote server. That script then uploads an SSH (secure shell) key to the local authorized_keys file, which allows the hackers to log in without a password in the future, FireEye wrote.

Also installed is an ELF executable, which is a Linux backdoor that provides shell access. FireEye said that file is named "term_x86_64" or "term_i686." The servers hosting the malware are in the U.S. and Korea.

In some instances, the backdoor listens for a connection on port 58273. The backdoor serves up a shell if a packet is sent with the text "IAMYOURGOD," FireEye wrote.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags securityFireEyeExploits / vulnerabilitiesmalware

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments