Java server malware targets Windows systems

Share this article:

Researchers have discovered a backdoor delivered by a malicious JavaServer Page (JSP), which targets vulnerable Java-based HTTP servers and allows an attacker to hijack infected systems.

The malware, called “JavaWar,” infects victims via drive-by download or as a file dropped by other malware, and targets Windows operating systems, including 7, Vista, XP, Server 2003 and 2000. So far, however, in-the-wild instances of the threat have been limited.

To launch an attack, saboteurs use a password-cracking tool to gain administrator access to JSP, where they can then delete, edit, download or copy files from the infected server, according to research from Trend Micro, which discovered the threat.

In a blog published last Thursday to Trend Micro's site, researchers said attackers could also gain access to servers by targeting a Java Servlet container, like Apache Tomcat, or by exploiting the Tomcat Web Application Manager used in websites powered by Tomcat, an open source web server that provides software applications for users.

“Aside from gaining access to sensitive information, an attacker gains control of the infected system through the backdoor and can carry out more malicious commands onto the vulnerable server,” the blog post said.

Trend Micro advised users to implement strong passwords to thwart attacks executed with password-cracking tools, as well as visit only trusted sites and maintain software updates.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Reported breaches involving zero-day bug at JPMorgan Chase, ...

Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.

Data on 97K Bugzilla users posted online for about three months

During a migration of the testing server for test builds of Bugzilla software, data on about 97,000 Bugzilla users was inadvertently posted publicly online.

Chinese national had access to data on 5M Arizona drivers, possible breach ...

Although Lizhong Fan left the U.S. in 2007, the agencies responsible for giving him access to Americans' personal information have yet to disclose the details of the case to the public.