Researcher claims Yahoo! servers have been compromised using Shellshock

1000px-Yahoo!_logo.svg

Early reports are indicating that at least two Yahoo! web servers have been hacked through use of the critical Shellshock Bash Bug.

Yahoo! has yet to release an official statement on the matter, however an analysis of the issue has been published by independent security researcher Jonathan Hall. According to Hall, Romanian hackers have used Shellshock to compromise the Yahoo! web servers and explore the company’s network. Hall writes that the attackers appear to be working towards accessing the Yahoo! Games servers, access which could potentially allow them to serve malware to millions of users. In addition to Yahoo!, the researcher also states that the hackers have compromised WinZip.com and Lycos.

As an immediate precaution, Emsisoft recommends that all Yahoo! users change their password as soon as Yahoo! confirms that the breach has been closed – that is, of course, if Hall’s findings are indeed true.

For more information, see the researcher’s statement and technical analysis.

Have a nice (malware-free) day!