Spyware Sucks

Teaching all Internet users about the latest risks to their online safety and how to stay safe when surfing the Web (and she knows a lot about Internet Explorer too) ;o)

Home
Contact

Tuesday, February 06, 2007 6:35 PM sandi

Yahoo India was hacked at least 4 days ago and nothing has been done

What's a girl to do when even a really big names like Yahoo are hacked? Yes, I am talking about Yahoo India, but it is still Yahoo.

If you come across a Web site that wants to install a Remote Data Services Data Control you can be pretty damned sure that it is not a good thing. Don't let the site do what it wants.

Mike Burgess of MVP Hosts file fame had a look at the Yahoo site this morning after I pinged a security list about the problem, and has supplied the following screenshot of what the pages try to do - you will see that the page is trying to download something from 39814547.ee28.cn, which in turn translates to IP 222.208.183.175, which in turns translates into Chinanet SC, China Telecom. I checked the Yahoo site again this evening, and it is still compromised 5 days after news of the hacking appeared in the blogosphere. Even more amazing, the Yahoo India site is brand new - it went live on or about 31 January 2007 (I'm not sure exactly when), and on 1 February 2007 somebody had already blogged about the hacking:
http://fulltosh.spaces.live.com/blog/cns!5BE8C2D33352197D!358.entry

It is simply not good enough for Yahoo (even Yahoo India) to send a site live which is then hacked within a very short period of time, and which is still a danger 4 days later. In the ultimate irony, news.yahoo.com reported just today about "an increasing number of Web sites hosting malicious javascript code". Yahoo, you need to clean up your own backyard - NOW!!!

Yahoo India has roughly 25.5 MILLION USERS - that is 25.5 million potential victims of this hacking. I'm going to try and find a contact at Yahoo who can get that damned site shut down until it is cleaned up and security improved.

Here is what we see when we visit the hacked Web site (the first graphic is Mike's screenshot, followed by three screen captures of some infected pages) - PLEASE DO NOT VISIT THE URLS!!

I checked the URLs once more immediately before sending this blog entry live - the pages are still dangerous. The screenshots may fall to bottom of screen on smaller monitors in which case you will need to scroll down to see them - sorry about that.

Update: Yahoo is slowly cleaning things up, but they're missing pages - this one, for example, is still infected:
http://in.hindi.yahoo.com/Religion/PhotoGallery/0610/19/1061019009_1.htm