A Java malware targets servers
A malware called BKDR_JAVAWAR.JG behaves as a JavaServer Page (JSP) and installs a backdoor on HTTP servers in Java.
Security researchers Editor antivirus Trend Micro have discovered a backdoor malware that infects HTTP servers in Java. This allows attackers to execute malicious commands on the underlying systems. Threat known as the BKDR_JAVAWAR.JG, takes the form of JavaServer Pages (JSP), a type of web page that can be deployed and served by a specialized web server with a Java servlet container such as Apache Tomcat servers. Once the page is deployed, the attacker can remotely access and use its features to browse, download, edit, delete, download or copy files to the infected system via a Web console. This is the equivalent of what you can do with Web Shell PHP scripts most often developed in PHP that can interact with the system via HTTP. "In addition to having access to sensitive information, the attacker takes control of the infected system through the backdoor and may perform other malicious actions on the compromised server" as explained by researchers at Trend Micro in a blog. The JSP backdoor can be installed by other malware already running on the system that hosts the Java HTTP server and servlet container or Java can be downloaded while browsing malicious sites from the system.
The Apache servers Tomcat targeted.
According to technical notes of Trend Micro, malware targeting systems running Windows 2000, Windows Server 2003, Windows XP, Windows Vista and Windows 7. "Another possible attack scenario is that a hacker would look for sites running on Apache Tomcat and then try to access the web application Tomcat Manager", added the researchers from Trend Micro. "By using a tool to break the password, cybercriminals can log in and have the rights of management / administration to deploy the WAR file server (Web Applications ARchive) packed with backdoor malware."
Trend Micro researchers advise administrators who want to protect their servers against these threats to use strong passwords difficult to break with brute force tools to deploy all security updates available for their systems and software and avoid surfing websites unknown and unreliable.
Security researchers Editor antivirus Trend Micro have discovered a backdoor malware that infects HTTP servers in Java. This allows attackers to execute malicious commands on the underlying systems. Threat known as the BKDR_JAVAWAR.JG, takes the form of JavaServer Pages (JSP), a type of web page that can be deployed and served by a specialized web server with a Java servlet container such as Apache Tomcat servers. Once the page is deployed, the attacker can remotely access and use its features to browse, download, edit, delete, download or copy files to the infected system via a Web console. This is the equivalent of what you can do with Web Shell PHP scripts most often developed in PHP that can interact with the system via HTTP. "In addition to having access to sensitive information, the attacker takes control of the infected system through the backdoor and may perform other malicious actions on the compromised server" as explained by researchers at Trend Micro in a blog. The JSP backdoor can be installed by other malware already running on the system that hosts the Java HTTP server and servlet container or Java can be downloaded while browsing malicious sites from the system.
The Apache servers Tomcat targeted.
According to technical notes of Trend Micro, malware targeting systems running Windows 2000, Windows Server 2003, Windows XP, Windows Vista and Windows 7. "Another possible attack scenario is that a hacker would look for sites running on Apache Tomcat and then try to access the web application Tomcat Manager", added the researchers from Trend Micro. "By using a tool to break the password, cybercriminals can log in and have the rights of management / administration to deploy the WAR file server (Web Applications ARchive) packed with backdoor malware."
Trend Micro researchers advise administrators who want to protect their servers against these threats to use strong passwords difficult to break with brute force tools to deploy all security updates available for their systems and software and avoid surfing websites unknown and unreliable.
A Java malware targets servers
مراجعة من قبل fortech
ÙÙŠ
3:19 م
تصنيÙ:
مراجعة من قبل fortech
ÙÙŠ
3:19 م
تصنيÙ:
