New JBoss worm highlights cost of failure to keep IT security updated

A new worm is compromising servers running older versions of the JBoss Application Server and then adding them to a botnet, warns security firm Kaspersky Lab.

Warwick Ashford



A new worm is compromising servers running older versions of the JBoss Application Server and then adding them to a botnet, security firm Kaspersky Lab has warned.

The worm also attempts to install a remote access tool to give the attacker control over the newly infected server.

Researchers say the worm appears to exploit an old vulnerability in the JBoss Application Server, which was patched in April 2010.

Red Hat, which provides paid support for the open-source JBoss software, said the vulnerability the worm exploits has been patched for more than a year and a half and users running outdated versions of the JBoss Application Server should patch their installations immediately.

Many businesses outsource web application development and once the application is deployed, service contracts may lapse or IT staff may not be paying much attention to them, says Marcus Carey, security researcher at security firm Rapid7.

"Many organisations treat these deployments as black boxes, and don't touch them out of fear that they'll break something," he said.

The use of this new malware associated with JBoss is something we have not seen before, says Carey, but the actual vulnerability it is exploiting should have been snuffed out years ago.

"This is far more a business failure than a software security failure at this point," he said.

Less than 1% of security exploits in the first half of 2011 were against zero-day or unpatched vulnerabilities, according to the latest Microsoft Security Intelligence Report.

This means that 99% of all attacks during the same period distributed malware through familiar techniques, such as social engineering and known vulnerabilities for which a patch was already available but had not been applied.

Reports of the new JBoss worm, as well as the Microsoft report, both show the need to get back to basics in security, says Carey.

"This means better training users and system administrators to prioritise known threats," he said.
