New PC Worm atack on servers with JBoss Application Server

Custom Search

Hack in The Box
Experts Galaxy
UK Cheapest Hosting
DJ Software
Scanpst.exe
A3 Multifunction
Electricity Prices
Texas Electricity
Electricity Rates in Texas
Electric Companies in Texas
Web Design Geelong
SellSimple
MSN
Wallpapers
NewsApp Portal
Recover files from recycle bin

[Welcome to SCforum.info - Security [CENTRAL] Forum]

Welcome to SCforum.info - Security [CENTRAL] Forum, a home of the SCF Community devoted to provide Computer related News, Alerts, Downloads and FREE Help in such a way that even the novice computer user can understand.

Getting started using our community is extremely easy, check the two steps below:

Step 1: Create an account by clicking here and wait for approval from Administrator. It's completely free with no hidden strings attached.

Step 2: If you have a computer problem and need some help, or just want to take part in opened discussions, simply browse Forum. Once you *Register an account, you can quickly post your questions and comments.

(*Registered Members get: free support, also, they can communicate privately with other members via PM, removal of this message, see fewer ads and much more...)

[Samker]

A new worm doing the rounds is turning servers running older versions of the JBoss Application Server into botnet drones.

The malware behind the attack is significant both because it targets servers rather than PCs and for its reliance on exploiting a vulnerability that is over a year old – a flaw in JBoss Application Server patched by Red Hat in April 2010 – in order to attack new machines: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0738
The worm's payload includes a variety of Perl scripts, one of which builds a backdoor on compromised machines.

Marcus Carey, security researcher & community manager at Rapid7, said that outsourcing practices had exacerbated the patching deficiencies that the worm exploited.

"Many businesses outsource web application development and once the application is deployed, service contracts may lapse or IT staff may not be paying much attention to them," Carey said.

"The use of this new malware associated with JBoss is something we have not seen before. However, the actual vulnerability it is exploiting should have been snuffed out years ago. This is far more a business failure than a software security failure at this point," he added.

The last edition of Microsoft’s Security Intelligence Report found that exploits with a patch available for over a year accounted for 3.2 per cent of compromises. By comparison zero-day attacks were responsible for just 0.12 per cent of malicious activity.

(ElReg)