back to article Malware SNEAK dons cunning disguise, opens creaky back door to servers

A malicious backdoor designed to infect web servers poses a severe threat, Trend Micro warns. The malware, dubbed BKDR_JAVAWAR.JG, poses as a Java Server page but actually creates a backdoor on compromised servers. "This malware may arrive as either a file downloaded from certain malicious sites or as a file dropped by other …

COMMENTS

This topic is closed for new posts.
Thumb Down

Java exploit?

Strictly speaking, is this a Java exploit? I might be reading this wrong, but it seems to me the server needs to be previously compromised so that a file is deployed. Only then is Tomcat/other told to install a web portal to give easy access to the server for miscreants.

I'm guessing the ease of installing WARs is what's being used as an easy way of giving access, but apart from that, it's hardly a Java exploit?

I could certainly be wrong, not many details in that article.

8
0
FAIL

Not really a Java Exploit

Completely agree with WeaselNo7. This is a fairly basic script which allows you to read/write/navigate files and folders on a server. There is nothing in the Trend article about this having the ability to actually get itself onto a system.

2
0
Bronze badge

Pointless article?

Same conclusion as WeaselNo7: crack the password to gain access to a server, and then you can do naughty things.

No wonder they removed the article rating system.

5
0
Meh

Maybe

It would probably avoid confusion if the article concentrated on this being an 'innovative use of an existing Tomcat/other servlet container on an already compromised server to allow ne'er-do-wells to have easy web access to server content'.

2
0
Bronze badge
Megaphone

Journalism 101

On headlines put some words on a BIG FONT and you are done.

3
0
Silver badge
FAIL

Trendlabs, clear as mud.

This malware may arrive as either a file downloaded from certain malicious sites or as a file dropped by other malware.

Woah now, someone with Hollywood cyberspace sense must have written this.

What does it all mean?

4
1
Anonymous Coward

Re: Trendlabs, clear as mud.

The whole original blog post is pretty useless: "We recently spotted a Java Server page that performs backdoor routines and gains control over vulnerable server."

But what does it mean by "vulnerable server" - one that's mis-configured or what?

And why haven't the journalists at El Reg tried to work out what they mean..???

0
0
Coat

Surely if Java is running on your server

Then it's already useless anyway?

3
0
Trollface

wait? what?....

This can't be blamed on Microsoft? What's happening? Were the Mayans right... did the world end while I nursed my festive hangover?!

1
0
Silver badge
Paris Hilton

Remote access server app allows remote access SHOCK!

I think by "vulnerable host" they mean "one that's already been hacked and had a malicious JSP uploaded to it."

i.e. if the web system/account has been compromised, the JSP will then attack other accounts on the system.

I'm sure there's a Blackadder quote which goes with that statement.

0
0
IT Angle

Malware doesn't open creaky back door to servers ..

Let me see if I understand: you first have to brute-force the admin password on a Java-based HTTP server, only then can you upload and install the malware, which can only target Windows. What's the point of posting this 'information'?

0
0