Fresh PC Malware Contaminating JBoss Application Server, Detected

One fresh PC-worm is hijacking Internet-connected computers running JBoss Application Server (earlier versions) as also subsequently recruiting them to one network-of-bots, warns Kaspersky Lab the security company.

Reportedly, the worm as well makes an effort for loading software that gives hackers remote access to freshly contaminated computers.

Investigators state that this worm apparently abuses a previous April 2010 patched security flaw that was found within the JBoss software.

Also Red Hat that supplies JBoss Application Server (an open-source application) 'paid support,' stated that the particular flaw had been patched since over 18 months while computer operators using expired JBoss versions required updating their software instantly.

Meanwhile, Security Researcher Marcus Carey of Rapid7 a security company says that several enterprises outsource the designing of web software, which when installed, may result in break of service contracts alternatively low attention by IT personnel towards the same. Therefore, several companies regard such installations like black boxes that they don't touch in apprehension of breaking something, Carey continues. Computerweekly.com published this on October 24, 2011.

The researcher further says that the JBoss worm getting utilized is for the first time, although the flaw it's abusing should've been killed long time back. At the present juncture, this long wait represents a business shortcoming much more than security program shortcoming, he analyzes. Thetechherald.com published this on October 24, 2011.

Interestingly, when Microsoft recently published its yearly Security Intelligence Report, the JBoss assault seemed like one theoretical example. For, Microsoft claimed that vulnerabilities for which patches existed hugely exceeded zero-day assaults.

The research showed that security flaws where patches existed since more than 12 months contributed to 3.2% of all compromises as against 2.4% in case of patches that existed since less than 12 months. The highly discussed zero-day assaults contributed to merely 0.12% of compromises.

Eventually, based on the above ever-true statistics, Carey claims that there's greater possibility of companies for being attacked with exploits, which their security personnel didn't patch rather than with zero-day vulnerabilities. Overall, the need of the hour is improved system admin and user training for giving more attention to familiar threats, he concludes.

Related article: Fark.com Files Suit against Suspected Hacker from Fox13

» SPAMfighter News - 11/2/2011