100,000 Websites Wiped Out By ZeroDay Exploit - 8th Jun 2009 9:39pm
Originally Posted by The Register, and my good friend Russell :-)
A large internet service provider said data for as many as 100,000 websites was destroyed by attackers who targeted a zero-day vulnerability in a widely-used virtualization application.
Technicians at UK-based Vaserv.com were still scrambling to recover data on Monday evening UK time, more than 24 hours after unknown hackers were able to gain root access to the company's system, Rus Foster, the company's director told The Register. He said the attackers were able to penetrate his servers by exploiting a critical vulnerability in HyperVM, a virtualization application made by a company called LXLabs.
"We were hit by a zero-day exploit" in version 2.0.7992 of the application, he said. "I've heard from other people they've been hit by the same thing." Foster said he's been unable to reach anyone at LXLabs to discuss the suspected vulnerability. The Register has also received no response to inquiries sent to the company, which according to its website is located in Bangalore.
According to Foster, data for about half of the websites hosted on Vaserv was destroyed all at once sometime Sunday evening, shortly after administrators noticed "strangeness" on the system. The attackers had the ability to execute sensitive Unix commands on the system, including "rm -rf," which forces a recursive delete of all files.
Technicians at UK-based Vaserv.com were still scrambling to recover data on Monday evening UK time, more than 24 hours after unknown hackers were able to gain root access to the company's system, Rus Foster, the company's director told The Register. He said the attackers were able to penetrate his servers by exploiting a critical vulnerability in HyperVM, a virtualization application made by a company called LXLabs.
"We were hit by a zero-day exploit" in version 2.0.7992 of the application, he said. "I've heard from other people they've been hit by the same thing." Foster said he's been unable to reach anyone at LXLabs to discuss the suspected vulnerability. The Register has also received no response to inquiries sent to the company, which according to its website is located in Bangalore.
According to Foster, data for about half of the websites hosted on Vaserv was destroyed all at once sometime Sunday evening, shortly after administrators noticed "strangeness" on the system. The attackers had the ability to execute sensitive Unix commands on the system, including "rm -rf," which forces a recursive delete of all files.
All a can say is, it wasnt me!
The Register