Experts say a new computer virus called ''Shellshock'' could take control of computers and siphon untold personal data. Jeanne Yurman reports.
Security experts are racing to fend off potential attacks from a new cyber threat called "Shellshock." Also known as the "Bash Bug" for the software it exploits, hackers use the virus to scan vulnerable systems running Linux and Unix operating systems and then infect them. Two thirds of all web servers, as well hundreds of consumer and technology products, are at risk including some Mac computers. The U.S. government-backed watchdog rates it a 10 out 10 for severity. Like the "Heartbleed" virus that surfaced in April, "Shellshock" targets widely used web software. But "Shellshock" allows complete control of an infected machine, whereas "Heartbleed" only allowed hackers to spy on computers. Liam O'Murchu of Symantec. SOUNDBITE: LIAM O'MURCHU, SECURITY RESEARCHER, SYMANTEC CORP. (English) SAYING: "The worst thing that could happen is that somebody would write code that would automatically go and scan the Internet and would infect all of these computers. And once they do that well the worst thing they could do is just delete everything or shut sites down. So we could see damage from that point of view where we'd have malicious people who would just decide to cause havoc by bringing systems down." However, what these cyber criminals are likely after is information says Mashable's Lance Ulanoff. SOUNDBITE: LANCE ULANOFF, CHIEF CORRESPONDENT, MASHABLE (English) SAYING: "The people who are trying to exploit it well, they'll look for any information they can get. The end is not disruption usually but business, meaning that it's big money if you can get people's information, if you can get in the middle of these systems and get stuff that is valuable to people and maybe connects the financial or personal information." It's the type of information that hackers were after in both the Target and recent Home Depot security breaches. Consumers unfortunately are at the mercy of businesses to apply patches or fixes to prevent "Shellshock" from doing damage. Red Hat one of the world's biggest providers of open source software products has issued a patch but says it's not one-hundred percent. The good news is encrypted information should be unaffected and experts picked up on this virus early in the game. But some say this is one of the most difficult-to-measure bugs in years and it may take weeks or months to determine its ultimate impact.