Feeds

Webhost hack wipes out data for 100,000 sites

Vaserv suspects zero-day virtualization vuln

Designing a Defense for Mobile Applications

A large internet service provider said data for as many as 100,000 websites was destroyed by attackers who targeted a zero-day vulnerability in a widely-used virtualization application.

Technicians at UK-based Vaserv.com were still scrambling to recover data on Monday evening UK time, more than 24 hours after unknown hackers were able to gain root access to the company's system, Rus Foster, the company's director told The Register. He said the attackers were able to penetrate his servers by exploiting a critical vulnerability in HyperVM, a virtualization application made by a company called LXLabs.

"We were hit by a zero-day exploit" in version 2.0.7992 of the application, he said. "I've heard from other people they've been hit by the same thing."

Foster said he's been unable to reach anyone at LXLabs to discuss the suspected vulnerability. The Register has also received no response to inquiries sent to the company, which according to its website is located in Bangalore.

According to Foster, data for about half of the websites hosted on Vaserv was destroyed all at once sometime Sunday evening, shortly after administrators noticed "strangeness" on the system. The attackers had the ability to execute sensitive Unix commands on the system, including "rm -rf," which forces a recursive delete of all files.

Some 50 percent of Vaserv's customers signed up for unmanaged service, which doesn't include data backup, Foster said. It remains unclear of those website owners will ever be able to retrieve their lost data, he said. As a result, at least half the websites that were hosted on the site remain offline.

"Since last night, I've had probably 40 phone calls from clients saying 'Why is my website down,'" said Daniel Voyce, a web developer for Nu Order Webs who uses Vaserv to host customer sites. "It's making me look bad."

Voyce said the hackers, given the high level of server access they gained, were likely able to intercept a wealth of sensitive data stored on Vaserv's servers. Voyce said his customers are safe because all sensitive information was encrypted.

Little is known about the people who attacked the site. So far, there are no known reports of individuals taking credit for the hack. The breach was likely the result of a SQL injection attack that penetrated Vaserv's central management software and removed vital binaries and data for about half of all user data stored by the service, Foster said.

"This wasn't someone randomly scanning things," he said. "It was a deliberate attack on our infrastructure."

Vaserv specializes in low-cost web hosting using VPS, or virtualized private servers. Virtualization features in LXLabs' HyperVM helped Vaserv provide the service, which costs a fraction of the price of dedicated server hosting.

It remains unclear how other webhosts using the HyperVM have been affected. If you're aware of other providers affected by this reported vulnerability, please contact the reporter at the link above. ®

Boost IT visibility and business value

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
iPad? More like iFAD: We reveal why Apple ran off to IBM
But never fear fanbois, you're still lapping up iPhones, Macs
Nadella: Apps must run on ALL WINDOWS – PCs, slabs and mobes
Phone egg, meet desktop chicken - your mother
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
Samsung threatens to cut ties with supplier over child labour allegations
Vows to uphold 'zero tolerance' policy on underage workers
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.