Saturday, August 19, 2017
Home / Malware / Java Servers being Targeted by New Malware

Java Servers being Targeted by New Malware

Security investigators from antivirus vendor Trend Micro have revealed a piece of malware that infects Java-based HTTP hosts and grants attackers to run malevolent commands on the underlying systems.

The threat, known as BKDR_JAVAWAR.JG, comes in the form of a JavaServer Page (.JSP), a type of Web page that can exclusively be deployed and processed from a specified Web server with a Java servlet container, such as Apache Tomcat.

Once a server is infected, the attacker can access it remotely and can utilize its functions to browse, upload, edit, delete and download from the infected system using a Web console interface. This is like the functionality offered by PHP-based backdoors, normally called PHP Web shells.

“Aside from gaining access to sensitive information, an attacker gains control of the infected system thru the backdoor and can carry out more malicious commands onto the vulnerable server,” Trend Micro researchers stated.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

New FastPOS malware targeting Point-of-Sale systems

Experts have disclosed a new category of malware, labeled “FastPOS,” that has the ability to quickly …