Yahoo India was hacked at least 4 days ago and nothing has been done
What's a girl to do when even really big names like Yahoo are hacked? Yes, I am talking about Yahoo India, but it is still Yahoo.
If you come across a Web site that wants to install a Remote Data Services Data Control you can be pretty damned sure that it is not a good thing. Don't let the site do what it wants.
Mike Burgess of MVP Hosts file fame had a look at the Yahoo site this morning after I pinged a security list about the problem, and has supplied the following screenshot of what the pages try to do - you will see that the page is trying to download something from 39814547.ee28.cn, which in turn translates to IP 220.127.116.11, which in turn translates into Chinanet SC, China Telecom. I checked the Yahoo site again this evening, and it is still compromised 5 days after news of the hacking appeared in the blogosphere. Even more amazing, the Yahoo India site is brand new - it went live on or about 31 January 2007 (I'm not sure exactly when), and on 1 February 2007 somebody had already blogged about the hacking:
Yahoo India has roughly 25.5 MILLION USERS - that is 25.5 million potential victims of this hacking. I'm going to try and find a contact at Yahoo who can get that damned site shut down until it is cleaned up and security improved.
Here is what we see when we visit the hacked Web site (the first graphic is Mike's screenshot, followed by three screen captures of some infected pages) - PLEASE DO NOT VISIT THE URLS!!
I checked the URLs once more immediately before sending this blog entry live - the pages are still dangerous. The screenshots may fall to the bottom of the screen on smaller monitors, in which case you will need to scroll down to see them - sorry about that.
Update: Yahoo is slowly cleaning things up, but they're missing pages - this one, for example, is still infected: