A malware that strikes at Java HTTP servers and allows attackers to gain control on underlying systems has been spotted by security researchers of anti-virus vendor Trend Micro Inc.
“Using a password cracking tool, cybercriminals are able to login and gain manager/administrative rights allowing the deployment of Web application archive (WAR) file packages with the backdoor to the server,” according to a post last Thursday on the Trend Labs. “…Once done, the backdoor can now browse, upload, edit, delete, download or copy files from the infected system.”
The malware, identified as BKDR-JAVAWAR.JG, comes if the form of a JavaServer Page (JSP) and can only target Java Servlet containers such as Apache Tomcat of a Java-based HTTP server, according to Trend Micro.
The malware uses a Web console like:
Experts warn of Java exploit
Disable Java, security experts urge
To protect their servers from the threat, Trend Micro advises administrators to regularly implement security updates issued by software vendors; refrain from visiting unknown websites and bookmark trusted sites. Users are also encouraged to use strong passwords.
Read the whole story here