Menu
Yahoo says attackers looking for Shellshock found a different bug

Yahoo says attackers looking for Shellshock found a different bug

The bug has now been fixed and user data was not at risk, the company said

Yahoo said Monday it has fixed a bug that was mistaken for the Shellshock flaw, but no user data was affected.

Three of the company's servers with APIs (application programming interfaces) that provide live streaming for its Sports service "had malicious code executed on them this weekend by attackers looking for vulnerable Shellshock servers," wrote Alex Stamos, Yahoo's chief information security officer.

Stamos wrote on the Hacker News website that the servers had been patched after the Shellshock vulnerability was disclosed.

Yahoo was notified by Jonathan Hall, senior engineer and president of Future South Technologies, a security consulting firm. Hall wrote on his blog that he uncovered a vulnerability in at least two Yahoo servers.

Hall wrote he found evidence that a group of what appears to be Romanian hackers had struck Yahoo, Lycos and WinZip, using the Shellshock vulnerability to infect servers and build a botnet, the term for a network of infected machines.

Shellshock, first identified late last month, is the nickname for a flaw in a form of software known as Bash, a command-line shell processor on Unix and Linux systems. The security hole could let attackers insert extra code into computers running Bash, allowing them to take control of servers remotely.

In a statement released earlier on Monday, Yahoo appeared to confirm Hall's finding that Shellshock was to blame. But Stamos later published a post on the Hacker News saying that further investigation showed Shellshock was not the cause.

The attackers, Stamos wrote, had "mutated" their exploit and ended up taking advantage of a different bug that was in a monitoring script being run by Yahoo's developers to parse and debug Web logs. That bug was only specific to a small number of machines, he wrote.

"As you can imagine this episode caused some confusion in our team, since the servers in question had been successfully patched (twice!!) immediately after the Bash issue became public," he wrote.

Hall wrote that he sent an email warning of his findings to WinZip, a division of Canada-based Corel. WinZip is a file compression utility.

In an email statement on Monday, WinZip spokeswoman Jessica Gould didn't directly address Hall's findings but said "we were contacted by Mr. Hall almost a week after we began our patching process. We've since replied to Mr. Hall directly to thank him for contacting us."

Hall wrote on his blog that it appeared WinZip's servers had been compromised using Shellshock. Those servers were then being used to search for other vulnerable Web servers. The malicious code on WinZip's servers connected to an IRC server, where it awaits commands from the hackers.

(Zach Miners in San Francisco contributed to this report.)

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags winzipYahoocorelsecuritydata breachDesktop securityFuture South TechnologiesLycosdata protection

Featured

Slideshows

Reseller News launches inaugural Hall of Fame lunch

Reseller News launches inaugural Hall of Fame lunch

Reseller News welcomed 2015 and 2016 inductees - Darryl Swann, Dave Rosenberg, Gary Bigwood, Keith Watson, Mike Hill and Scott Green - to the inaugural Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed how the channel can collectively work together to benefit New Zealand, the Kiwi skills shortage and the future of the industry. Photos by Maria Stefina.

Reseller News launches inaugural Hall of Fame lunch
Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Show Comments