Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: JBoss Worm SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
JBoss Worm

A worm is making the round infecting JBoss application servers. JBoss is an open source Java based application server and it is currently maintained by RedHat. 

If you do run JBoss, please make sure to read the instructions posted by RedHat here:

http://community.jboss.org/blogs/mjc/2011/10/20/statement-regarding-security-threat-to-jboss-application-server

 

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

I will be teaching next: Defending Web Applications Security Essentials - SANS Cyber Defense Initiative 2020

Johannes

4006 Posts
ISC Handler
Oct 21st 2011
From what I can see, the two hosts listed in the perl code do not actually resolve to an address so cannot be connected to at his point.
Maybe they will become active in time.
Anonymous
LCV> I'm pretty sure that due to the disclosure of the source code you'll find new variations of worm and new (script kiddie) domains.
Anonymous

Sign Up for Free or Log In to start participating in the conversation!