Malware targets Java HTTP servers

A malware that strikes at Java HTTP servers and allowsattackers to gain control on underlying systems has been spotted by securityresearchers of anti-virus vendor Trend Micro Inc.

 “Using a password cracking tool, cybercriminals are ableto login and gain manager/administrative rights allowing the deployment of Webapplication archive (WAR) file packages with the backdoor to the server,”according to a post last Thursday on the Trend Labs. “…Once done, the backdoorcan now browse, upload, edit, delete, download or copy files from the infectedsystem.”

The malware, identified as BKDR-JAVAWAR.JG, comes if theform of a JavaServer Page (JSP) and can only target Java Servlet containerssuch as Apache Tomcat of a Java-based HTTP server, according to Trend Micro.

The malware uses a Web console like:
 

Related content

Expertswarn of Java exploit

DisableJava, security experts urge

To protect their servers from the threat, Trend Microadvises administrators to regularly implement security updates issued bysoftware vendors; refrain from visiting unknown websites and bookmark trustedsites. Users are also encouraged to use strong passwords.

Readthe whole story here

 

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Nestor E. Arellano
Nestor E. Arellano
Toronto-based journalist specializing in technology and business news. Blogs and tweets on the latest tech trends and gadgets.

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now