Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us

    Author Archive - Jaime Benigno Reyes (Threat Response Engineer)

    Malware like BKDR_JAVAWAR.JG prove that web servers are viable targets by cybercriminals, as they store crucial data and can be used to infect other systems once unwitting users visit affected websites.

    We recently spotted a Java Server page that performs backdoor routines and gains control over vulnerable server. Trend Micro detects this as BKDR_JAVAWAR.JG. This malware may arrive as either a file downloaded from certain malicious sites or as a file dropped by other malware.

    For this attack to be successful, the targeted system must be a Java Servlet container (such as Apache Tomcat) or a Java-based HTTP server. Another possible attack scenario is when an attacker checks for websites powered by Apache Tomcat then attempts to access the Tomcat Web Application Manager.

    Using a password cracking tool, cybercriminals can access and gain manager/administrative rights allowing the deployment of Web application archive (WAR) files packaged with the backdoor to the server. The backdoor will be automatically added in the accessible Java Server pages. To execute its routine, the attacker can access the Java Server page using the following:

    Error! Hyperlink reference not valid. sub-directory inside Tomcat webapps folder}/{malware name}

    Read the rest of this entry »

    Posted in Malware | Comments Off on Backdoor Disguised as Java Server Page Targets Web-hosting Servers


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice