In the case of Yahoo, security firm Finjan said hackers exploited an
unused IP address within Yahoo's hierarchy and used it as the address
to which a forged Google Analytics domain name resolved. This fooled the
Finjan Web-filtering product into believing a person was going to a
highly trusted Yahoo domain. The victims, customers of Finjan, never knew
they were on a malicious Web site, and neither did the security
mechanisms on the network (in this case, Finjan's Web-filtering
product).
"They managed to resolve the domain name to an IP address owned by Yahoo.
How they added an address into a DNS server to appear to be an IP address
owned by Yahoo is unknown," Yuval Ben-Itzhak, CTO of Finjan, told
InternetNews.com. He added that Yahoo, while responsive and quick to shut
down the compromised address, did not disclose exactly what equipment was
behind the compromised IP address.