Hello All,
I am hoping someone can shed some light on the following issue. I am using a third-party software package from the KnoahSoft company.
As part of their deployment, they use JBOSS, and their current approved build is JBOSS-4.2.3-GA:
http://sourceforge.net/projects/jboss/files/JBoss/JBoss-4.2.3.GA/
The problem is that the production CPU is constantly pegging at 100%, and it's due to this MINERD.exe being installed intermittently from a war file that mysteriously shows up under the jboss-4.2.3.GA\server\default\tmp\deploy folder, as can be seen from the attached picture.
Even if I delete the .exe and restart JBOSS, the file eventually shows up again and starts using all the CPU resources.
If I edit the index.jsp file, I notice a reference to JSP RAT, and that appears to confirm others' findings that it's probably malicious.
JSP RAT
http://bri-blog.blogspot.com/2012/12/jsp-rat-by-jeroy.html
http://nickhumphreyit.blogspot.com/2013/07/jsp-rat-by-jeroy-hacked-jboss-422-server.html
http://grokbase.com/t/tomcat/users/12bv3sbkpy/malware-found-the-tomcat-6-0-29
http://nickhumphreyit.blogspot.no/2013/07/jboss-422-files-that-need-execute.html
http://breenmachine.blogspot.no/2013/09/jboss-jmxinvokerservlet-exploit.html
