Yahoo CISO Alex Stamos refuted claims made by a Louisiana security company that a number of Yahoo servers had been breached by hackers using the Bash Bug. Stamos said three Yahoo Sports API servers were infected with malware by hackers looking for web servers vulnerable to Shellshock, but the exploits were not related to Shellshock.
Jonathan Hall, president of the IT consulting firm Future South Technologies and a security researcher, has affirmed that a group of Romanian hackers used the Shellshock vulnerability to compromise Yahoo servers, which was also confirmed by Yahoo!. Hall said that the cybercriminals used the Google search engine to identify vulnerable servers and built a botnet by exploiting the Shellshock flaw.
Bash Bug is a remotely exploitable vulnerability that affects the Linux and Unix command-line shell (GNU Bourne Again Shell, abbreviated as Bash). Discovered by security researcher Stephane Chazelas at Akamai, the flaw allows users to send commands on Unix and Linux systems by connecting over SSH or telnet. Bash can also act as a parser for CGI scripts on a web server.
Yahoo was already vulnerable to the Heartbleed bug, which put users at risk, and now the Bash Bug has made its way deep inside the Yahoo servers. It is funny how a popular, high-profile company like Yahoo is always vulnerable to these kinds of bugs.