×

What can you do about the 'Bash' bug? Not much

Computer virus
Darko Novakovic | Getty Images

The impact of the most recent security bug dubbed "Shell Shock" or the "Bash" bug has the potential to be massive, security experts say. And unfortunately there's not much people can do to guard against it.

The bug affects Unix-based operating systems including Linux and Apple's Mac OS X and the exploit can be used by hackers to steal information, remotely take over computers and possibly even entire networks.

Specifically, the bug affects only Unix-based systems that use the language interpreter called Bash for commands.

Read More Hackers launch attacks exploiting 'Shellshock' bug in Bash software

Here's what consumers and companies need to know about the bug.

How severe is this really?

The National Institute for Standards in Technology rated the flaw 10 out of 10 in terms of severity.

One reason the bug could become a huge problem is because about 70 percent of web servers run on Linux, said Bogdan Botezatu, a senior e-threat analyst at the security firm Bitdefender.

"All of these web servers that run Linux could be a potential target," Botezatu said.

And once a web server is compromised, anyone controlling it can take over a lot more.

"Web servers execute privileged commands in these systems, so if you establish control of these systems you can do whatever you want from there," said John McCormack, CEO of the security firm Websense. "This is called a remote execution bug, and it's the worst kind in our industry."

Read More'Bash' may pose bigger threat than 'Heartbleed'

Who should be worried?

While this may sound like a problem that only web administrators should be worried about, it has the potential to trickle down and create a chain reaction for consumers.

"In the end, services provided by web servers are consumed by consumers. If I can compromise a server, I can send viruses to the consumer," Botezatu said.

In other words, if you visit a website that has been affected, malware could be uploaded onto your computer. Hackers who attacked the web server could also use their control to install software on the server that could be used to steal personal information of those who visit the website. For example, on an ecommerce site, they could install software that would capture credit card information. Unfortunately for consumers, there's no way to tell which websites have been affected.

Companies should be very worried about this since an attack could mean an outsider gaining control of their network, said Rohit Sethi, vice president at the security firm Security Compass.

Read MoreWhen government hackers tried to break into HealthCare.gov

"When someone can execute a command on a machine, they can not only download malware but they can use that as a launching point to get into the network," Sethi said. "Once they are there, they have the ability to connect to other servers that are connected to that web server, this could compromise a corporate network potentially infiltrating the entire network."

So is there anything consumers can do for protection?

Unfortunately, not much.

Unlike the Heartbleed bug where consumers could change their passwords and not access websites until a patch was in place, there's not much people can do to protect themselves with this bug, McCormack said.

"The real important thing here you don't have to log into a system to get compromised, you just have to be able to access a web page on the Internet," Sethi said.

The primary thing consumers can do is be vocal about their concerns, said Sethi.

"Let the companies you visit online know you are worried about it," he said. "A lot of companies pay lip service to security, they do the bare minimum unless they know consumers are really worried about it."

As for Apple Mac users—who are also vulnerable to the bug—Apple has not yet released a security patch. However, an Apple spokesperson said the company will be addressing the issue and that it does not affect the majority of Mac users.

"With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users," a company spokesperson said in a statement.

What should companies be doing?

Companies need to work with security vendors to see if they've been attacked, and if so how best to mitigate the problem, McCormack said. Once a vulnerability is found, companies must patch it and continue to do forensics to see what else may have been impacted, he said.

Most operating system vendors have issued a partial fix, which makes attacks more difficult, but a complete patch is still in the works, said Botezatu.

Read MoreOnline banking, or shopping: Which is safer?

"The only way this can be fixed is if the web servers shut down and issue a patch," Botezatu said.

But shutting down can be costly, especially for companies that serve customers online, which could likely deter some companies from implementing a fix, Botezatu said. However, because of the potential damage a breach could cause, most will opt to shut down and fix, said Sithi.

"Some companies just don't have the capacity to update their servers, or they are worried their machine is too fragile to handle this update," Sithi said.

"Those are the companies we are most worried about."

By CNBC's Cadie Thompson.