Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security Java IT Technology

Out-of-Date Apps Put 3 Million Servers At Risk of Crypto Ransomware Infections (arstechnica.com) 34

An anonymous reader cites an article on Ars Technica: More than 3 million Internet-accessible servers are at risk of being infected with crypto ransomware because they're running vulnerable software, including out-of-date versions of Red Hat's JBoss enterprise application, researchers from Cisco Systems said Friday. About 2,100 of those servers have already been compromised by webshells that give attackers persistent control over the machines, making it possible for them to be infected at any time, the Cisco researchers reported in a blog post. The compromised servers are connected to about 1,600 different IP addresses belonging to schools, governments, aviation companies, and other types of organizations. Some of the compromised servers belonged to school districts that were running the Destiny management system that many school libraries use to keep track of books and other assets. Cisco representatives notified officials at Destiny developer Follett Learning of the compromise, and the Follett officials said they fixed a security vulnerability in the program. Follett also told Cisco the updated Destiny software also scans computers for signs of infection and removes any identified backdoors.
This discussion has been archived. No new comments can be posted.

Out-of-Date Apps Put 3 Million Servers At Risk of Crypto Ransomware Infections

Comments Filter:
  • Hmmmmm..... (Score:4, Interesting)

    by Frosty Piss ( 770223 ) * on Saturday April 16, 2016 @04:30PM (#51923727)

    because they're running vulnerable software, including out-of-date versions of Red Hat's JBoss enterprise application

    ...and...

    hat were running the Destiny management system that many school libraries use to keep track of books and other assets

    So is this a JBoss issue? A Destiny Management System issue? What is the vector? The summary is unclear on exactly what the issue is...

    • Re:Hmmmmm..... (Score:4, Interesting)

      by Calydor ( 739835 ) on Saturday April 16, 2016 @05:00PM (#51923863)

      The issue seems to be "Unpatched software vulnerable to exploits".

    • It's against slashdot policy to mention Windows in a post regarding 'computer' malware :)
      • by KGIII ( 973947 )

        I'm not sure what would make you think that. I realize you're new here so you probably don't know a whole lot but, rest assured, that is not true. On top of that, this article really doesn't have a whole lot to do with Windows. In fact, it specifically mentions that it's applications running on computers that use the Linux kernel (though I suppose there might be a few Windows servers with JBoss installed but I'm not sure if they'd have Destiny - I don't really keep up with Windows much anymore).

        But no... Yo

        • "I'm not sure what would make you think that."

          Someone on a windows computer clicks on a malicious URL and gets owned.
    • The article basically says "update when your Internet masters tell you to, you luddite slacker!"

      • Quite so. Even the front line is misleading: it reads "Out-of-Date Apps Put 3 Million Servers At Risk" when it really should read "buggy apps put 3 million servers at risk". Well, of course, this would put the blame on shoddy software vendors, so it's better to blame the customers.

    • It looks like an RMI / Apache Commons thing.

      A bunch of popular Java application servers like JBoss, WebLogic, WebSphere or applications like Jenkins use RMI or at least similar (de)serialization of Java objects for a variety of things like e.g. remote management. They also seem to be rather trusting of the clients and serialized objects they receive and deserialize on the server side.

      Now, if I remember correctly, you can only deserialize classes on your CLASSPATH, so you usually can't just send a serial
  • by jader3rd ( 2222716 ) on Saturday April 16, 2016 @05:22PM (#51923957)
    There was an earlier Slashdot [slashdot.org] post about how Apple wants people to buy new devices and software on a regular basis, but the most popular comments were about how old software is the best, and that there's never a reason to update it, so long as the software is doing what you got it for in the first place. Now there's this article in which the solution to the problem is to update the software. Oh, what am I supposed to think?!
  • by Ed Tice ( 3732157 ) on Saturday April 16, 2016 @05:42PM (#51924059)
    If I were to gain access to a machine like this and install a persistent web shell, I would then patch the underlying vulnerability in order to maintain control. Otherwise, the next guy to come along and exploit the defect can just kick me out. What fun is that?
  • Server apps? (Score:4, Insightful)

    by guises ( 2423402 ) on Saturday April 16, 2016 @07:48PM (#51924473)
    Wait, we're saying "apps" to describe non-mobile software now? Is that what we're doing? Could we avoid that if I asked politely?
    • by tlhIngan ( 30335 )

      Wait, we're saying "apps" to describe non-mobile software now? Is that what we're doing? Could we avoid that if I asked politely?

      I think server usage predated mobile applications. After all, we have application stacks such as LAMP, web applications, etc. All of which do get abbreviated to app. App stacks, web apps, etc.

  • Apparently, this idiotic term is trying to assimilate things it has absolutely no business describing.

Fast, cheap, good: pick two.

Working...