Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: JBoss Worm - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
JBoss Worm

A worm is making the round infecting JBoss application servers. JBoss is an open source Java based application server and it is currently maintained by RedHat. 

If you do run JBoss, please make sure to read the instructions posted by RedHat here:

http://community.jboss.org/blogs/mjc/2011/10/20/statement-regarding-security-threat-to-jboss-application-server

 

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANSFIRE 2022

Johannes

4511 Posts
ISC Handler
Oct 21st 2011
From what I can see, the two hosts listed in the perl code do not actually resolve to an address so cannot be connected to at his point.
Maybe they will become active in time.
Anonymous
LCV> I'm pretty sure that due to the disclosure of the source code you'll find new variations of worm and new (script kiddie) domains.
Anonymous

Sign Up for Free or Log In to start participating in the conversation!