Log4shell – The biggest Internet security hole is becoming more and more dangerous


For more than a week, a huge vulnerability on the Internet has kept security experts on their toes. Now a cybersecurity researcher claims to have found a worm that exploits Log4shell.

Experts have been warning of the Log4shell vulnerability since last week.

It threatens large parts of the Internet.

Critical infrastructure is also at risk, including in Switzerland.

  • Security experts believe they have found a worm that exploits the Log4shell vulnerability.

  • That could be extremely dangerous.

  • However, other experts have given the all-clear.

  • Nevertheless, the security crisis is not over yet.

The critical Internet vulnerability called Log4shell is becoming more and more dangerous. As the technology portal heise.de describes, the first attacks that exploited this security gap were still carried out manually. In the meantime, security researchers are said to have discovered a so-called “worm” that infects the affected server and can automatically spread further.

This is reported, among others, by the malware exchange community vx-underground on Twitter. In a post it says: “The security researcher @1ZRR4H has identified the first Log4j worm. It’s a self-replicating Mirai bot.” In fact, it looks like the new worm is targeting unsecured Huawei routers.

However, other experts give the all-clear. Security researcher Marcus Hutchins took to Twitter and wrote: “I disassembled this alleged worm and it doesn’t work at all.” The code contained so many errors that it would not work even if several of them were fixed.

However, security researchers agree that a working worm that exploits the Log4shell vulnerability could be extremely dangerous. Tom Kellermann from the US company VMware even assumes that such a worm could be used as an effective weapon – for example by intelligence services or other countries, as reported by gizmodo.com.

Hacker groups

But that’s not all. In the meantime, various groups are also actively exploiting the security gap. One example is the group known as the Conti Gang, which has been trying to target servers with malware since December 13th. This gives the cyber criminals access to the servers, which they then sell on. According to heise.de, Conti has already managed to hack into company networks.

In the meantime, the volunteer-run Apache Software Foundation has published a new version of the affected library: Log4j 2.17.0. It is said to have completely eliminated another security gap with which attackers could have provoked a denial-of-service – i.e. an endless loop of the program. In the earlier version, this problem was only partially resolved. It is therefore advisable that companies inform themselves as soon as possible and act if necessary.
