Warwick Ashford is chief reporter at Computer Weekly. He joined the CW team in June 2007 and is focused on IT security, business continuity, IT law and issues relating to regulation, compliance and governance. Before joining CW, he spent four years working in various roles including technology editor for ITWeb, an IT news publisher based in Johannesburg, South Africa. In addition to news and feature writing for ITWeb’s print publications, he was involved in liaising with sponsors of specialist news areas on the ITWeb site and developing new sponsorship opportunities. He came to IT journalism after three years as a course developer and technical writer for an IT training organisation and eight years working in radio news as a writer and presenter at the South African Broadcasting Corporation (SABC).
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
email@example.com 020 8652 8505 Active Warwick Ashford False True
A new worm is compromising servers running older versions of the JBoss Application Server and then adding them to a botnet, security firm Kaspersky Lab has warned.
The worm also attempts to install a remote access tool to give the attacker control over the newly infected server.
Researchers say the worm appears to exploit an old vulnerability in the JBoss Application Server, which was patched in April 2010.
Red Hat, which provides paid support for the open-source JBoss software, said the vulnerability the worm exploits has been patched for more than a year and a half and users running outdated versions of the JBoss Application Server should patch their installations immediately.
Many businesses outsource web application development and once the application is deployed, service contracts may lapse or IT staff may not be paying much attention to them, says Marcus Carey, security researcher at security firm Rapid7.
"Many organisations treat these deployments as black boxes, and don't touch them out of fear that they'll break something," he said.
The use of this new malware associated with JBoss is something we have not seen before, says Carey, but the actual vulnerability it is exploiting should have been snuffed out years ago.
"This is far more a business failure than a software security failure at this point," he said.
This means 99% of all attacks during the same period distributed malware through familiar techniques, such as social engineering and unpatched vulnerabilities.
Reports of the new JBoss worm, as well as the Microsoft report, both show the need to get back to basics in security, says Carey.
"This means better training users and system administrators to prioritise known threats," he said.
MetaKeywords MetaDescription Sensitive Landingpage False