'Shellshock' fears mount as governments scramble to protect vital infrastructure

26 Sep 2014

The 'Bash Bug', according to experts, was more dangerous than Heartbleed, a virus that scared the internet community in August, The Sydney Morning Herald reported. Shellshock, which is also known as the "Bash Bug", allows Unix-based operating systems, including Linux and Mac OS X, to be compromised.

The vulnerability is found in Bash, a type of shell software that had been around since 1989. Bash, a command shell, like a screen, allows users to issue commands to a computer – so a hacker who exploited the bug would be able to tell an affected device what to do, remotely.

Unix in some form is found on many devices including web servers, routers, Android phones, Mac computers and connected devices. The bug could also affect systems running power plants and municipal water networks, though security experts already recommend that these remain disconnected from the internet so they were not open to such risks.

Once a hacker got into a device or system, he could gain access to other devices on the same network, from where, theoretically, he could do just about anything – including installing malicious software, stealing sensitive data, or turning off one's smart fridge and spoiling one's dinner.

Shellshock or Bash Bug has a rating of 10 on a 10-point scale for its impact and ease of exploitability by the Common Vulnerability Scoring System, an industry standard for assessing how bad security flaws were.

Heartbleed, the bug found earlier this year that also affected almost every device, was rated 5 (See: Security experts warn internet users against 'Heartbleed' bug).

According to experts, around half a billion web servers and devices could potentially be affected.

Meanwhile, cyber-security experts suggested last night that people stop using their credit cards for online purchases until a solution to the bug, which had been around for over 20 years, was found and distributed, The Independent reported.

The UK's national cyber-security response team, Cert-UK, had issued a call to all government departments stating that the Shellshock flaw carried the "highest possible threat ratings… for both impact and exploitability".

According to Cert-UK it should be "assumed" that many government computers and other devices would be vulnerable to the bug. It added, "This will inevitably include organisations that are part of the critical national infrastructure."

Many industrial control systems, from power plants to traffic light systems, relied on Bash software. Cyber analysts said last night that authorities needed to act immediately to close the loophole, pointing out that within hours of its discovery, hackers had started exploiting the flaw, posting videos of their exploits online.

Although software "patches" had already been distributed to deal with the problem, they were not thought to be fully effective.
