Cybersecurity experts announced the discovery of a significant new software bug Thursday called "Shellshock" that could affect hundreds of millions machines globally, from computers and routers to cameras and refrigerators.

The threat originated from a free piece of software known as Bash, short for Bourne-Again Shell, which can be found in more than 70 percent of machines connected to the Internet, The New York Times reports. Created in 1987, Bash received a new feature in 1992 that is thought to have included the Shellshock vulnerability, which could be exploited to give hackers control of entire computers and other devices, including smartphones.

While the new threat is already being compared to the Heartbleed bug discovered in April, Shellshock represents a more significant security issue than Heartbleed, which left Internet users' passwords and other valuable information vulnerable but did not give hackers the ability to take over entire machines.

In the case of Shellshock, small businesses are at risk of having a wide variety of devices compromised.

"Any piece of equipment that they have in that company that has a computer that is part of it--and this could be things all the way from air conditioning systems to point of sale systems to even small office routers--in many cases, those devices are now actually running a version of Unix that has this [bug]," says Rodney Joffe, vice-president and senior technologist at information services company NeuStar. 

"It’ll be much more of an issue for small businesses [than Heartbleed], and it’s going to be much more of an issue for home users. From a business point of view, this is going to be a headache for a long time."

As usual, business owners concerned about devices with a connection to the Internet should check for software updates and refer to manufacturers' websites for information on routers and other devices, but those updates will not be immediate, according to Joffe.

"What they want to do is contact whoever it is that runs their firewall configurations--either external or internal--and have them look for Snort signatures for this particular kind of vulnerability," he says. "That’s about the best thing you can do now while you wait for the manufacturers to develop patches."