ShellShock Worm hitting QNAP NAS devices

Several months later and now a worm has been released hitting QNAP devices. It spreads by connecting to QNAP devices open to the internet (yeh, brilliant thing to do) that have not been patched. (just as brilliant) 🙂

How can I tell if my device is infect?
Look in /etc/shadow and /etc/passwd for an account named “request” If you find it, your infected.

I am infected! Help!
To delouse your system, go to QNap’s page.

How can I tell if my device is vulnerable to ShellShock?
SSH into your device and run the following command: (use at your own risk)
curl | bash
More information can be found at

How do I patch my device if it is vulnerable?
If your already infected, the worm nicely patches your system. How considerate. 🙂
Else, go to QNap’s page for instructions on how to update your device.