As any security researcher will tell you, zero-days never die young. The reason is simple. Even when rapidly released, official patches are only useful for containment. Left unattended, some resources will remain vulnerable. . These might be some old WP templates using an older version of TimThumb or, in the case of Shellshock, a home router having an outdated Linux installation. One way or another, there are always stragglers for attackers to prey on.
Today, more than thirty days after Shellshock was officially disclosed, there are still plenty of them roaming around...Read more »