Hackers managed to get root access to a large Internet Service Provider, reportedly via a zero day vulnerability over the weekend, and destroy data from 100,000 websites as a result. The UK-based ISP, VAServ, has stated that the attackers apparently exploited a vulnerability in virtualisation software called HyperTM in order to gain access to the servers.

It would appear that around 100,000 of the websites hosted at Vaserv had data destroyed in one hit on Sunday, possibly courtesy of a recursive delete 'rm -rf' Unix command. Unfortunately, many VAServ customers have an unmanaged account with no data backup. It is estimated that half the sites hosted at VAServ are still offline as a result.

The compromise has all the hallmarks of being a highly targeted SQL injection attack on the ISP's central management software, a deliberate infrastructure breach rather than kiddies doing random scanning according to a spokesman for VAServ.

A VAServ statement admits "We have worked tirelessly through the night and over the last 48 hours to recover as many VPS as possible. However, we have now reached the end of all of our servers, and as such, if your server is not currently up, or not partly up (i.e. it is up but not working due to a configuration issue) then it is unfortunate that you will have lost your data due to this third party attack."

About the Author

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.