Log4Shell Malware Vulnerability Vaccine Helps Protect Users that Could Not Update Yet

A free "vaccine" for the Log4Shell vulnerability is now available, aiming to lessen the risk of being hacked by attackers using the massively widespread zero-day exploit.


Log4Shell Vulnerability Vaccine

As reported by ZDNet, cybersecurity firm Cybereason rolled out what it touts as a fix for the Apache Log4Shell vulnerability, serving as a "vaccine" against the malware-spreading exploit.

The Boston-based cybersecurity company previously urged users to immediately patch their systems with the latest update from Apache to fix the critical vulnerability.

However, Cybereason also recently acknowledged that some users face problems that prevent them from updating their systems right away.

The firm therefore introduced a vaccine that could help reduce the risk of attack in lieu of the security patch.

Log4Shell Vaccine: How it Works

The "vaccine" for the Apache vulnerability is named "Logout4shell." It is available to anyone for free on GitHub.

Cybereason further assured that the "fix" for the zero-day exploit "is a relatively simple fix that requires only basic Java skills to implement."

Yonatan Striem-Amit, Chief Technology Officer of Cybereason, told ZDNet that the "vaccine" for Log4Shell uses "the vulnerability itself to set the flag that turns it off."

The Cybereason CTO went on to explain that the "fix" also changes the configuration of the server, leading it "to not load things anymore."

Log4Shell Vulnerability Vaccine and Cybersecurity Experts

Despite the firm's claims, which give hope to those exposed to the Log4Shell vulnerability, some experts are weighing in on the "vaccine."

According to VentureBeat, Casey Ellis, founder and chief technology officer of the bug bounty firm Bugcrowd, told the outlet that the Log4Shell vaccine is effective in fixing the problem.

Ellis further said that it could also potentially help the security teams of affected firms.

However, the security expert warned that the "fix" has some limitations.

Ellis specifically pointed out that the "vaccine" does not work on the Log4j version 2.10, leaving its users with no choice but to install the patch as soon as possible.

In addition, the security experts also added that the Cybereason fix for the vulnerability is more of a "supplementary tool." It is not yet a cure-all for the Log4Shell mess, though it has the potential to become one.

This article is owned by Tech Times

Written by Teejay Boris
