Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: JBoss Worm - Internet Security | DShield SANS ISC InfoSec Forums

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
JBoss Worm

A worm is making the round infecting JBoss application servers. JBoss is an open source Java based application server and it is currently maintained by RedHat. 

If you do run JBoss, please make sure to read the instructions posted by RedHat here:



Johannes B. Ullrich, Ph.D.
SANS Technology Institute

I will be teaching next: Defending Web Applications Security Essentials - SANS San Francisco Winter 2019


3656 Posts
ISC Handler
From what I can see, the two hosts listed in the perl code do not actually resolve to an address so cannot be connected to at his point.
Maybe they will become active in time.
LCV> I'm pretty sure that due to the disclosure of the source code you'll find new variations of worm and new (script kiddie) domains.

Sign Up for Free or Log In to start participating in the conversation!