Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Malware Found Targeting Web Servers

Trend Micro has spotted a piece of malware in the wild targeting Java-based HTTP servers and Java Servlet containers.

According to Trend Micro, the malware is disguised as a Java Server page (JSP). Once installed, it performs backdoor routines and gains control over vulnerable servers.

Trend Micro has spotted a piece of malware in the wild targeting Java-based HTTP servers and Java Servlet containers.

According to Trend Micro, the malware is disguised as a Java Server page (JSP). Once installed, it performs backdoor routines and gains control over vulnerable servers.

“For this attack to be successful, the targeted system must be a Java Servlet container (such as Apache Tomcat) or a Java-based HTTP server,” according to a blog post by Trend Micro’s researcher team. “Another possible attack scenario is when an attacker checks for websites powered by Apache Tomcat then attempts to access the Tomcat Web Application Manager.”

“Using a password cracking tool, cybercriminals are able to login and gain manager/administrative rights allowing the deployment of Web application archive (WAR) files packaged with the backdoor to the server,” the company noted. “The backdoor will be automatically added in the accessible Java Server pages.”

Aside from gaining access to sensitive information, an attacker that gains control of the infected system through the backdoor can carry out more malicious commands onto the vulnerable server, researchers explained.

According to Trend Micro, the malware impacts systems using Windows 2000, Windows Server 2003, Windows XP, Windows Vista and Windows 7. Despite the malware’s capabilities, the company classified the malware’s threat level as “low.”

“There are certain steps that users can do to avoid this threat,” according to the company. “First, users should regularly implement security updates issued by software vendors, to prevent exploits affecting software vulnerabilities. Another is to refrain from visiting unknown websites and bookmark trusted ones. Lastly, users should use strong passwords that are resilient to password cracking tools.”

The malware is detected by Trend Micro as BKDR_JAVAWAR.JG. 

Written By

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Cyberwarfare

Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.

Malware & Threats

Security researchers are warning of a new wave of malicious NPM and PyPI packages designed to steal user information and download additional payloads.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Malware & Threats

Cybercrime in 2017 was a tumultuous year "full of twists and turns", with new (but old) infection methods, a major return to social engineering,...