Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: JBoss Worm SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
JBoss Worm

A worm is making the round infecting JBoss application servers. JBoss is an open source Java based application server and it is currently maintained by RedHat. 

If you do run JBoss, please make sure to read the instructions posted by RedHat here:

http://community.jboss.org/blogs/mjc/2011/10/20/statement-regarding-security-threat-to-jboss-application-server

 

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Johannes

3904 Posts
ISC Handler
Oct 21st 2011
From what I can see, the two hosts listed in the perl code do not actually resolve to an address so cannot be connected to at his point.
Maybe they will become active in time.
Anonymous
LCV> I'm pretty sure that due to the disclosure of the source code you'll find new variations of worm and new (script kiddie) domains.
Anonymous

Sign Up for Free or Log In to start participating in the conversation!