Davey Winder
Wednesday, 10 June 2009 01:46
Does a zero-day hacker have the death of one man and one hundred thousand websites on his or her conscience today?
Reports are emerging that KT Ligesh, the 32-year-old boss of LXLabs in Bangalore, has been found hanged at his house. Described as a brilliant software engineer, his company was said to be doing quite well, which begs the question: why the suicide? The Times of India suggests that suicide ran in the family and Ligesh was upset about a lost contract. However, I wonder if the unfolding events surrounding the discovery of critical vulnerabilities in applications developed by LXLabs might have some bearing on the tragedy?
First there are 24 vulnerabilities reported in the Kloxo (previously known as Lxadmin) web hosting platform. But perhaps even more troubling is the suggested critical vulnerability in virtualisation software called HyperVM, which has apparently been exploited over the weekend, causing as many as 100,000 websites to be damaged so far.
UK-based ISP VAServ has stated that up to 100,000 websites had been damaged following a zero-day exploit which hit the ISP's central management software and wiped data from sites which had opted for a cheaper, non-backed up, hosting service on Sunday night.
VAServ says in a statement that it had worked through Sunday night, and continues to do so now, in order to recover as many virtually hosted sites as possible; however, it admits that "if your server is not currently up, or not partly up (i.e. it is up but not working due to a configuration issue) then it is unfortunate that you will have lost your data due to this third party attack."
LXLabs has yet to comment either on the death of KT Ligesh or the reports of critical vulnerabilities in its software.