There appear to be developments in the way that Shellshock is used to push malware around. According to new information the Bash Bug is now being used to send malware out through the use of compromised SMTP gateways. The clever attackers are trying to use altered headers (from, to, subject) to force the SMTP gateway to pull down additional code that contains the Shellshock attack.
A day after we published an article on how deficient most developers are when it comes to properly planning for security we are hearing about a new bug that infects one of the core components of an operating system. Dubbed Bash or Shellshock this new flaw affects the shell in an OS. The shell in an OS is what allows you to interact with systems. When you run an application it will often run code through the shell to give you the desired result.