Malware SNEAK dons cunning disguise, opens creaky back door to servers

A malicious backdoor designed to infect web servers poses a severe threat, Trend Micro warns. The malware, dubbed BKDR_JAVAWAR.JG, poses as a Java Server page but actually creates a backdoor on compromised servers. "This malware may arrive as either a file downloaded from certain malicious sites or as a file dropped by other …

COMMENTS

This topic is closed for new posts.
  1. WeaselNo7
    Thumb Down

    Java exploit?

    Strictly speaking, is this a Java exploit? I might be reading this wrong, but it seems to me the server needs to be previously compromised so that a file is deployed. Only then is Tomcat/other told to install a web portal to give easy access to the server for miscreants.

    I'm guessing the ease of installing WARs is what's being used as an easy way of giving access, but apart from that, it's hardly a Java exploit?

    I could certainly be wrong, not many details in that article.

  2. BarnyR
    FAIL

    Not really a Java Exploit

    Completely agree with WeaselNo7. This is a fairly basic script which allows you to read/write/navigate files and folders on a server. There is nothing in the Trend article about this having the ability to actually get itself onto a system.

  3. handle

    Pointless article?

    Same conclusion as WeaselNo7: crack the password to gain access to a server, and then you can do naughty things.

    No wonder they removed the article rating system.

  4. WeaselNo7
    Meh

    Maybe

    It would probably avoid confusion if the article concentrated on this being an 'innovative use of an existing Tomcat/other servlet container on an already compromised server to allow ne'er-do-wells to have easy web access to server content'.

  5. Anonymous Coward
    Megaphone

    Journalism 101

    In headlines, put some words in a BIG FONT and you are done.

  6. Destroy All Monsters Silver badge
    FAIL

    Trendlabs, clear as mud.

    This malware may arrive as either a file downloaded from certain malicious sites or as a file dropped by other malware.

    Woah now, someone with Hollywood cyberspace sense must have written this.

    What does it all mean?

    1. Anonymous Coward

      Re: Trendlabs, clear as mud.

      The whole original blog post is pretty useless: "We recently spotted a Java Server page that performs backdoor routines and gains control over vulnerable server."

      But what does it mean by "vulnerable server" - one that's mis-configured or what?

      And why haven't the journalists at El Reg tried to work out what they mean..???

  7. Ryan 7
    Coat

    Surely if Java is running on your server

    Then it's already useless anyway?

  8. OffBeatMammal
    Trollface

    wait? what?....

    this can't be blamed on Microsoft? what's happening? Were the Mayans right... did the world end while I nursed my festive hangover?!

  9. P. Lee
    Paris Hilton

    Remote access server app allows remote access SHOCK!

    I think by "vulnerable host" they mean "one that's already been hacked and had a malicious JSP uploaded to it."

    i.e. if the web system/account has been compromised, the JSP will then attack other accounts on the system.

    I'm sure there's a Blackadder quote which goes with that statement.

  10. Anonymous Coward
    IT Angle

    Malware doesn't open creaky back door to servers ..

    Let me see if I understand: you first have to brute-force the admin password on a Java-based HTTP server, only then can you upload and install the malware, which can only target Windows. What's the point of posting this 'information'?
