Skip to content

Get FREE protection for Shellshock

What you need to know about Shellshock (Bash bug)

The Shellshock vulnerability, also known as the Bash bug, is a newly discovered security flaw that poses an immediate threat to over half a billion servers and devices worldwide. Bash, found in most versions of the Unix and Linux operating systems as well as in Mac OSX, could allow a hacker to remotely execute commands without authentication, thus enabling an attacker to take over an operating system, access confidential data, or set the stage for future attacks. Read our full coverage.

The map at right shows command & control servers and their IP addresses, with lines to victims. Criminals use C&C servers to manage victims they’ve compromised—a typical botnet scenario.

Shellshock Technical Report

Shellshock: An in-depth technical report

Get an in-depth analysis of the attack scenarios of the menacing Bash bug and specific recommendations on thwarting the threat.


What you need to know about Shellshock (a.k.a Bash Bug)

The Shellshock vulnerability (also known as Bash Bug) will have a widespread impact for any organization or user that has Bash enabled on a server, desktop, or device. This includes over 500 million web servers on the Internet today. Shellshock (CVE-2014-6271 and CVE-2014-7169) is found in Bash, the dominant shell for Unix and Linux (default), and can also be found in Mac OS X, some Windows server deployments, and even Android. It enables remote code injection of arbitrary commands without authentication, which can then allow malicious code execution that could be used to take over an operating system, access confidential data, or set the stage for future attacks.

Get the facts

Webinar: Don't Get Rocked by Shellshock

In this webinar, JD Sherry, Trend Micro VP of Technology & Solutions, and Steve Neville, Trend Micro Director of Cloud & Data Center will be talking about the security implications of the Shellshock vulnerability to affected systems.
Register for the webinar


Shellshock Blog Series

With the discovery of the Shellshock vulnerability comes several risks that users, both in the enterprise and consumer spaces, need to be aware of. We break down Shellshock—what it is, what is involved, and how to defend against it—into a series of digestible blogs.


Shellshock Simplified

Get a streamlined overview of Shellshock and its repercussions to security. The following resources give you everything you need to know about the threat in a glance.

Infographic: A quick guide to Shellshock

Shellshock Infographic

The US National Vulnerability Database rated the threat 10/10 in severity. How can the biggest exploit since Heartbleed reach your computer? And how can you shield yourself from it? Learn what our experts suggest.



What you need to know about Shellshock

Shellshock Video

Learn about the bug, it's impact, and what you can do to protect yourself in this video.

Connect with us on