Security researchers from antivirus vendor Trend Micro have revealed a piece of malware that infects Java-based HTTP servers and allows attackers to run malicious commands on the underlying systems.
The threat, known as BKDR_JAVAWAR.JG, comes in the form of a JavaServer Page (JSP), a type of Web page that can only be deployed and served from a Web server with a Java servlet container, such as Apache Tomcat.
Once a server is infected, the attacker can access it remotely and use its functions to browse, upload, edit, delete and download from the infected system through a Web console interface. This is similar to the functionality offered by PHP-based backdoors, commonly called PHP Web shells.
“Aside from gaining access to sensitive information, an attacker gains control of the infected system thru the backdoor and can carry out more malicious commands onto the vulnerable server,” Trend Micro researchers stated.
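A defender-side triage sketch for the capabilities described above, added here as an example (it is not Trend Micro's detection logic or code from the article): it flags JSP files under a servlet container's webapps directory that combine process-execution and file-management API calls. The patterns, function names and sample fragments are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Heuristic patterns over standard Java API names (assumptions for this
# example, not vendor signatures for BKDR_JAVAWAR.JG).
CAPABILITIES = {
    "command_exec": re.compile(
        r"Runtime\s*\.\s*getRuntime\s*\(\s*\)\s*\.\s*exec|\bProcessBuilder\b"),
    "file_write": re.compile(r"\bFileOutputStream\b|\bFileWriter\b"),
    "file_browse": re.compile(r"\.\s*listFiles\s*\("),
    "file_delete": re.compile(r"\.\s*delete\s*\(\s*\)"),
}

def capabilities(jsp_source):
    """Return the sorted capability names whose pattern occurs in the JSP text."""
    return sorted(n for n, rx in CAPABILITIES.items() if rx.search(jsp_source))

def is_suspicious(jsp_source):
    """Flag pages that pair command execution with any file-management call."""
    caps = capabilities(jsp_source)
    return "command_exec" in caps and len(caps) >= 2

def scan_webapps(root):
    """Walk a webapps directory; return {path: capabilities} for flagged JSPs."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in {".jsp", ".jspx"}:
            text = path.read_text(encoding="utf-8", errors="replace")
            if is_suspicious(text):
                findings[str(path)] = capabilities(text)
    return findings

# Constructed sample inputs: non-functional fragments containing API names only.
SAMPLE_CONSOLE = """<%@ page import="java.io.*" %>
<% Runtime.getRuntime().exec(c);
   new FileOutputStream(p);
   new File(d).listFiles();
   new File(p).delete(); %>"""
SAMPLE_BENIGN = "<html><body><%= new java.util.Date() %></body></html>"

if __name__ == "__main__":
    print(capabilities(SAMPLE_CONSOLE), is_suspicious(SAMPLE_CONSOLE))
    print(capabilities(SAMPLE_BENIGN), is_suspicious(SAMPLE_BENIGN))
```

Matches are triage leads rather than verdicts, since legitimate administrative pages can call the same APIs; compare hits against the application's known deployed file list.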