Yahoo Servers Reportedly Hacked Using 'Shellshock' Hole
Romanian hackers are targeting the Yahoo Games servers.
Romanian hackers have allegedly exploited the Bash "Shellshock" vulnerability to hack Yahoo servers, according to Unix expert and former hacker Jonathan Hall.
In a blog post on his IT firm's site, Future South Technologies, Hall said he noticed that Yahoo had been compromised after researching attack vectors of the Bash hole after the 20-year-old flaw in the Unix-based platform -- used in Linux, OS X and numerous servers, routers and other hardware --surfaced online two weeks ago.
Using a Google search to find servers that had not been patched to protect against the Shellshock flaw, Hall found that Romanian hackers had infiltrated at least two Yahoo servers and were specifically targeting the company's Yahoo Games servers. Hall speculated that the hackers were targeting those specific servers due to the popularity of the Yahoo Games service. "One might wonder why they would bother going for that," wrote Hall. Well, those games are visited by MILLIONS of people per a day, and they're also java based. Think about it and you tell me why someone would want to compromise those ..."
If a breach of Yahoo servers did occur, attackers could steal information, including e-mail details and login credentials, and deliver malware to unsuspecting customers. Hall also said that the specific hackers who have targeted Yahoo may be searching for other vulnerable servers through the WinZip .zip file domain.
Using the WinZip domain, Hall said this could lead to further problems for users of the popular file service. "It has been a while since I've used WinZip, but last I recall, every time you guys release a new version It informs the user(s) that a new version is available for update," wrote Hall. "That means there's a Web script somewhere that's being called and checked. In that instance, someone with malicious intent would be more than capable of attaching nasty code to the setup for WinZip and forcing a mass update, effectively infecting every single one of your users -- which I'm fairly certain is still a very large number -- with code of their choice."
After numerous attempts to contact Yahoo concerning the possible breach, Hall said Yahoo e-mailed him, confirming it is currently looking into the matter. He also said he alerted the FBI who "aren't moving with any form of haste," according to Hall.