Security Advisor

Yahoo Servers Reportedly Hacked Using 'Shellshock' Hole

Romanian hackers are targeting the Yahoo Games servers.

Romanian hackers have allegedly exploited the Bash "Shellshock" vulnerability to hack Yahoo servers, according to Unix expert and former hacker Jonathan Hall.

In a blog post on the site of his IT firm, Future South Technologies, Hall said he noticed that Yahoo had been compromised while researching attack vectors for the Bash hole, after the 20-year-old flaw in the Unix-based platform -- used in Linux, OS X and numerous servers, routers and other hardware -- surfaced online two weeks ago.

Using a Google search to find servers that had not been patched to protect against the Shellshock flaw, Hall found that Romanian hackers had infiltrated at least two Yahoo servers and were specifically targeting the company's Yahoo Games servers. Hall speculated that the hackers were targeting those specific servers due to the popularity of the Yahoo Games service. "One might wonder why they would bother going for that," wrote Hall. "Well, those games are visited by MILLIONS of people per a day, and they're also java based. Think about it and you tell me why someone would want to compromise those ..."

If a breach of Yahoo servers did occur, attackers could steal information, including e-mail details and login credentials, and deliver malware to unsuspecting customers. Hall also said that the specific hackers who have targeted Yahoo may be searching for other vulnerable servers through the WinZip .zip file domain.

Hall said the hackers' use of the WinZip domain could lead to further problems for users of the popular file service. "It has been a while since I've used WinZip, but last I recall, every time you guys release a new version it informs the user(s) that a new version is available for update," wrote Hall. "That means there's a Web script somewhere that's being called and checked. In that instance, someone with malicious intent would be more than capable of attaching nasty code to the setup for WinZip and forcing a mass update, effectively infecting every single one of your users -- which I'm fairly certain is still a very large number -- with code of their choice."

After numerous attempts to contact Yahoo concerning the possible breach, Hall said Yahoo e-mailed him, confirming it is currently looking into the matter. He also said he alerted the FBI, who "aren't moving with any form of haste."

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
