Yahoo Hackers Searching for Shellshock Find Different Bug

Attackers probing Yahoo networks for a widespread security flaw couldn’t exploit the hole, which had been patched, but they did penetrate three corporate servers through a different glitch.

It had previously been reported that the hackers infected Yahoo’s systems through Shellshock – the bug affecting the operating systems of millions of computers.

Yahoo’s chief information security officer Alex Stamos said late Monday in a Hacker News forum post that the intruders breached three sports servers that deliver live game-streaming data. “After investigating the situation fully, it turns out that the servers were in fact not affected by Shellshock,” he wrote.

No user data was compromised, Yahoo says.

The hole was specific to a small number of machines and has been fixed.

Stamos said the hackers had been trying to gain access using the Shellshock defect, which is found in a program called Bash that supports Linux and Apple OS X.

“As you can imagine this episode caused some confusion in our team, since the servers in question had been successfully patched (twice!!) immediately after the Bash issue became public,” he said. “Once we ensured that the impacted servers were isolated from the network, we conducted a comprehensive trace of the attack code through our entire stack which revealed the root cause: not Shellshock.”