A malware that strikes at Java HTTP servers and allows attackers to gain control on underlying systems has been spotted by security researchers of anti-virus vendor Trend Micro Inc.
“Using a password cracking tool, cybercriminals are able to login and gain manager/administrative rights allowing the deployment of Web application archive (WAR) file packages with the backdoor to the server,” according to a post last Thursday on the Trend Labs. “…Once done, the backdoor can now browse, upload, edit, delete, download or copy files from the infected system.”
The malware, identified as BKDR-JAVAWAR.JG, comes if the form of a JavaServer Page (JSP) and can only target Java Servlet containers such as Apache Tomcat of a Java-based HTTP server, according to Trend Micro.
The malware uses a Web console like:
Related content
Experts warn of Java exploit
Disable Java, security experts urge
To protect their servers from the threat, Trend Micro advises administrators to regularly implement security updates issued by software vendors; refrain from visiting unknown websites and bookmark trusted sites. Users are also encouraged to use strong passwords.
Read the whole story here