It was not DNS related. It seems Yahoo uses a system where different
web browsers are sent to different web servers. Thats why only lynx users
(and maybe users of very old version versions of Netscape) saw the page.
Only the lynx server was affected.
The boxes affected where located in the GlobalCenter data center. They
provide web hosting for Yahoo (and some other very large web sites).
My informant claims that the attack actually came from behind the
firewall via a dialup modem. He claimed that password to a users account
on the machines had been compromissed.
After the web page was modified all types of automatic bells and
whistles went off and they restored from backup in fifteen minutes.
You can view a copy of the hacked homepage at
http://www.clipper.net/~skully/yahoo/
Notice that the page had a link to
http://www.yahoo.com/yahooz-el8-search-engine-src.zip
Wonder it the source code for yahoo's search engine was really
there and if anyone got to download it ;)
Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01