A malware that strikes at Java HTTP servers and allowsattackers to gain control on underlying systems has been spotted by securityresearchers of anti-virus vendor Trend Micro Inc.
“Using a password cracking tool, cybercriminals are ableto login and gain manager/administrative rights allowing the deployment of Webapplication archive (WAR) file packages with the backdoor to the server,”according to a post last Thursday on the Trend Labs. “…Once done, the backdoorcan now browse, upload, edit, delete, download or copy files from the infectedsystem.”
The malware, identified as BKDR-JAVAWAR.JG, comes if theform of a JavaServer Page (JSP) and can only target Java Servlet containerssuch as Apache Tomcat of a Java-based HTTP server, according to Trend Micro.
The malware uses a Web console like:
Related content
DisableJava, security experts urge
To protect their servers from the threat, Trend Microadvises administrators to regularly implement security updates issued bysoftware vendors; refrain from visiting unknown websites and bookmark trustedsites. Users are also encouraged to use strong passwords.