2 Replies Latest reply on Jan 4, 2015 11:02 PM by tcunning

    MINERD.EXE keeps showing up in JBOSS-4.2.3.GA on production server

    Mark Jones Newbie

      Hello All,

      I am hoping someone can shed some light on the following issue. I am using a third-party software package from the KnoahSoft company.


      As part of their deployment, they use JBOSS, and their current approved build is JBOSS-4.2.3-GA.



      The problem is that the production CPU is constantly pegging at 100% and it's due to this MINERD.exe being installed intermittently from a war file that mysteriously shows up under the jboss-4.2.3.GA\server\default\tmp\deploy folder, as can be seen from the attached picture.


      Even if I delete the .exe and restart JBOSS, the file eventually shows up again and starts using all the CPU resources.


      If I edit the index.jsp file, I notice a reference to JSP RAT, and that appears to confirm others' findings that it's probably malicious.


      JSP RAT
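
A defensive check for the symptom described in this post, as an added example (not part of the original post, and not JBoss or KnoahSoft tooling): it walks the tmp\deploy folder and flags any file that begins with the Windows executable header, whatever its name, and any JSP that contains the "JSP RAT" string. The function name, the read limit and the default path argument are assumptions made for the example.

```python
import os
import sys

PE_MAGIC = b"MZ"           # first two bytes of a Windows executable
JSP_MARKER = b"jsp rat"    # string the poster found in index.jsp (matched case-insensitively)
MAX_JSP_BYTES = 1_000_000  # assumed limit: read at most 1 MB of each JSP
JSP_SUFFIXES = (".jsp", ".jspx")


def scan_deploy_tmp(root):
    """Return sorted (reason, path) findings under a JBoss tmp/deploy folder."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            is_jsp = name.lower().endswith(JSP_SUFFIXES)
            try:
                with open(path, "rb") as fh:
                    # JSPs are read for the marker; everything else only for its header.
                    head = fh.read(MAX_JSP_BYTES if is_jsp else 2)
            except OSError as exc:
                findings.append(("unreadable: %s" % exc.strerror, path))
                continue
            if head[:2] == PE_MAGIC:
                # Header check catches an executable even if it was renamed.
                findings.append(("windows-executable", path))
            elif is_jsp and JSP_MARKER in head.lower():
                findings.append(("jsp-rat-marker", path))
    return sorted(findings)


if __name__ == "__main__":
    # Default is the relative path quoted in the post; pass the real folder as an argument.
    root = sys.argv[1] if len(sys.argv) > 1 else r"jboss-4.2.3.GA\server\default\tmp\deploy"
    hits = scan_deploy_tmp(root)
    for reason, path in hits:
        print("%-20s %s" % (reason, path))
    sys.exit(1 if hits else 0)
```

A non-zero exit status means something was flagged. The findings show what has been dropped into the folder, not how it got there, so deleting the files alone does not stop them from coming back.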