This content has been marked as final. Show 2 replies
I am hoping someone can shed some light on the following issue. I am using a third party software package from KnoahSoft company.
As part of their deployment, they use JBOSS and their current approved build is JBOSS-4.2.3-GA
The problem is that the production CPU is constantly pegging at 100% and it's due to this MINERD.exe being installed intermittently from a war file that mysteriously shows up under the jboss-4.2.3.GA\server\default\tmp\deploy folder as can be see from the attached picture.
Even if I delete the .exe and restart JBOSS the file eventually shows up again and starts using all the CPU resources.
If I edit the index.jsp file I notice a reference to JSP RAT and that appears to confirm others findings that it's probably malicious.