Hack deletes 100,000 websites, software developer kills self
Thursday, June 11, 2009
The developer of a server virtualization application that was exploited in a hacking attack on web hosting company VAserv hanged himself shortly after the exploit was discovered.
Hackers had exploited a zero-day vulnerability in the application, which was used by British ISP VAserv for hosting websites on undedicated servers. The hackers deleted some 100,000 websites on Sunday, most of which did not have data backup, according to the Register.
The software developer, KT Ligesh, was discovered dead in his home in Bangalore, India on Monday, the Times of India reported. Ligesh, head of the company LxLabs, had been out drinking the night before and was believed to be upset over the loss of a contract and the suicides of his mother and sister five years earlier.
The Register reported Monday that the server virtualization software, called HyperVM, had a critical vulnerability that allowed hackers to penetrate VAserv's servers to gain root access and delete the websites.
VAserv's director, Rus Foster, told the Register on Monday that data for about half of the websites hosted on VAserv was destroyed sometime Sunday evening.
The attackers were likely able to steal sensitive data stored on VAserv's servers, a VAserv client told the Register.
Hackers likely used a SQL injection attack, Foster told the IT security news website.
Related News:
Password security a tall order for many web users - 1.22.2010
A recently released study from tech researcher Imperva showed that the most popular password among users whose accounts were compromised in the recent RockYou data breach was as follows: 123456.
Facebook fixes "wrong friends list" mobile network security glitch - 1.22.2010
CNET reports that social media network Facebook has repaired a problem in the mobile version of its service that caused some mobile users to have full access to the friends lists of unassociated users.
Automated phishing scam hits bank customers - 1.14.2010
Phishing attacks do not target victims exclusively via email, experts say, pointing to a recent rash of automated phone calls that attempted to convince victims to give up sensitive banking information.
Scammers ride aftershocks of Haiti catastrophe - 1.14.2010
The Federal Bureau of Investigation has issued a warning to those who want to contribute to earthquake relief efforts in Haiti, saying that cyber criminals and other types of scam artists are trying to take advantage of an outpouring of humanitarian support.
Banking Trojans finding new vector with fake Outlook alerts - 1.11.2010
A spurious alert purporting to come from Microsoft Outlook has cropped up in recent weeks, according to a maker of email filtering software.
|
