Yahoo Servers Reportedly Hacked Using 'Shellshock' Hole -- Redmondmag.com

Yahoo Servers Reportedly Hacked Using 'Shellshock' Hole

Romanian hackers are targeting the Yahoo Games servers.

By Chris Paoli
10/06/2014

Romanian hackers have allegedly exploited the Bash "Shellshock" vulnerability to hack Yahoo servers, according to Unix expert and former hacker Jonathan Hall.

In a blog post on his IT firm's site, Future South Technologies, Hall said he noticed that Yahoo had been compromised after researching attack vectors of the Bash hole after the 20-year-old flaw in the Unix-based platform -- used in Linux, OS X and numerous servers, routers and other hardware --surfaced online two weeks ago.

Using a Google search to find servers that had not been patched to protect against the Shellshock flaw, Hall found that Romanian hackers had infiltrated at least two Yahoo servers and were specifically targeting the company's Yahoo Games servers. Hall speculated that the hackers were targeting those specific servers due to the popularity of the Yahoo Games service. "One might wonder why they would bother going for that," wrote Hall. Well, those games are visited by MILLIONS of people per a day, and they're also java based. Think about it and you tell me why someone would want to compromise those ..."

If a breach of Yahoo servers did occur, attackers could steal information, including e-mail details and login credentials, and deliver malware to unsuspecting customers. Hall also said that the specific hackers who have targeted Yahoo may be searching for other vulnerable servers through the WinZip .zip file domain.

Using the WinZip domain, Hall said this could lead to further problems for users of the popular file service. "It has been a while since I've used WinZip, but last I recall, every time you guys release a new version It informs the user(s) that a new version is available for update," wrote Hall. "That means there's a Web script somewhere that's being called and checked. In that instance, someone with malicious intent would be more than capable of attaching nasty code to the setup for WinZip and forcing a mass update, effectively infecting every single one of your users -- which I'm fairly certain is still a very large number -- with code of their choice."

After numerous attempts to contact Yahoo concerning the possible breach, Hall said Yahoo e-mailed him, confirming it is currently looking into the matter. He also said he alerted the FBI who "aren't moving with any form of haste," according to Hall.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.