Vulnerability attacks Bash command line in Linux, Unix and Mac.
Shellshock has been discovered to have attacked thousands of servers, with many hackers using the exploit to set up malicious botnets.
One group of attackers used a Shellshock botnet against content network Akamai to dump large amount of junk data and bring the systems offline, while another group used the network of compromised machines to scan for more vulnerable machines that can be used to intensify the attack.
The scanning and attacks were discovered by honeypots or computers designed to look vulnerable but capable of getting information about the attacks.
Experts opine that Shellshock is likely to do more damage than Heartbleed as the latter is restricted to open SSL while the former has a wider reach.
Security firm Rapid 7 said that the previous estimates of 500 million machines being vulnerable to Shellshock are being revised because of the number of factors that need to be in play for a target to be susceptible.
Shellshock is not only capable of stealing confidential information, but can also take control of the device and execute code remotely by exploiting Bash.
"This bug is going to affect an unknowable number of products and systems, but the conditions to exploit it are fairly uncommon for remote exploitation," the firm added.
UK Government’s cyber security team has alerted its departments and agencies to give Shellshock the highest possible threat ratings, as the vulnerable systems could include machines that are part of UK’s critical national infrastructure.
Reports suggest that the US and the Canadian Governments have also issued similar alerts.