100,000 Websites Wiped Out By ZeroDay Exploit

Originally Posted by The Register, and my good friend Russell :-)

A large internet service provider said data for as many as 100,000 websites was destroyed by attackers who targeted a zero-day vulnerability in a widely-used virtualization application.

Technicians at UK-based Vaserv.com were still scrambling to recover data on Monday evening UK time, more than 24 hours after unknown hackers were able to gain root access to the company's system, Rus Foster, the company's director told The Register. He said the attackers were able to penetrate his servers by exploiting a critical vulnerability in HyperVM, a virtualization application made by a company called LXLabs.

"We were hit by a zero-day exploit" in version 2.0.7992 of the application, he said. "I've heard from other people they've been hit by the same thing." Foster said he's been unable to reach anyone at LXLabs to discuss the suspected vulnerability. The Register has also received no response to inquiries sent to the company, which according to its website is located in Bangalore.

According to Foster, data for about half of the websites hosted on Vaserv was destroyed all at once sometime Sunday evening, shortly after administrators noticed "strangeness" on the system. The attackers had the ability to execute sensitive Unix commands on the system, including "rm -rf," which forces a recursive delete of all files.

All a can say is, it wasnt me! bananalama

The Register

I think this is the same company - news article

"High Availability, Virtualisation and Disaster Recovery Solutions Now Available From VAServ"

The scary thing is, there is still hundreds of hosts still using HyperVM... I mean, come on!!!!

The server my sites and my mates sites are all hosted on are unaffected as yet

We use LXadmin, but i think after this he might change over

Dont touch LX Labs with a bargpole man, all their software appears to be ridiculed with security issues and they dont seem to give a damn. If its running HyperVM, tell him (or his providers) to shut it down at once. If in doubt just take a look at WHT right now, its in absolute disarray with the fallout...

This issue was believed to have been reported to them on the 24th May, yet the zero day strike was Sunday 7th June, they had claimed to have fixed all the flaws with a the issuing of a security patch on Saturday, obviously they were lying.

The pathetic thing is, if they had announced the issues to their partners, it would have simply been a case of shut down HyperVM until the issues were resolved, now though, they have caused an obscene amount of damage and will hopefully go bankrupt as a result of it.

OMFG, serious shit...

LX Labs Boss Commits Suicide After Exploit Wipes Out 100,000 Websites

Originally Posted by The Register

The boss of Indian software firm LxLabs was found dead in a suspected suicide on Monday.

Reports of the death of K T Ligesh, 32, come in the wake of the exploitation of a critical vulnerability in HyperVM, a virtualization application made by LXLabs, to wipe out data on 100,000 sites hosted by the UK web hosting firm VAserv.

The effect of his death on the development of updated software by LxLabs is unknown at time of writing.

Ligesh was found hanged in his Bangalore house on Monday morning, after a late night drinking session. The Times of India reports that he was upset with the loss of a recent contract. Ligesh was also still coming to terms with the suicides by hanging of his sister and mother five years ago.

Security researchers at Milw0rm warn that the Kloxo (formerly Lxadmin) web hosting platform from LxLabs contains 24 security vulnerabilities and exploits. The flaws include SQL injection vulnerabilities and flaws that create a way for hackers to gain file access to files hosted on a vulnerable system.

The vulnerabilities are confirmed to affect Klaxo version 5.75, though other versions may also be affected. Milw0rm went public with an alert on the vulnerability last Thursday after failing to hear back from LxLabs in what it considered to be a timely manner.

Jeeze, I have spent upwards of the last 40 hours, with no sleep and little to eat since Saturday night (too busy and lost appetite lol) sorting out all the crap thanks to this, but no way in hell would I have ever wished this. His software may have caused millions of pounds worth of damage to companies, organisations etc, but at the end of the day its just money and time, shit happens and were used to it in this industry, I really feel for the guys family and friends and am so sorry these has caused such a tragic event.

It all seemed very exciteable, something to talk about within the inustry and lots of mess to clear up, which is what we admins do best (and in all honesty, its our job at the end of the day), but this just puts it into perspective, and suddenly its not so much fun now, and very muted.

And to top things off, BlueSquare Data have now announced they will be taking over the operations of VAServ, very sad for me as I have worked with VAServ for 5 years now and treated well throughout by Rus and the team, I have a feeling the service won't be so friendly or personal with BlueSquare - the boss Matthew Munson is a likeable chap, I know from dealing with Poundhost on occasion, but the company is just far too big. It makes sense as VAServ colocate in BlueSqaure III and have their UK offices there, and also BlueSquare have their own in-house developed alternative to HyperVM, but still... Rus has cited since the announcement, a major factor in the decision is relating to him feeling part-responsibility for the guys death, which of course is silly, but I can understand where he coming from, he must be so emotionally and physically drained right now, I really feel for him and fully understand his decision.

A very sad day for the industry.