What version of Tomcat are you using?
What version of the JVM?
What version of Windows?
Are you up to date on your Windows patches?
________________________________
From: Toby Kurien <tobyis7...@gmail.com>
To: users@tomcat.apache.org
Sent: Thursday, January 22, 2009 9:16:46 AM
Subject: SECURITY breach in Tomcat
Hi,
I have a webapp for my company that has been running for several
years. Recently, we got infected by a trojan or virus and this has
been causing a lot of abnormal behavior. The trojan creates user
accounts in Windows and also creates web applications like safee.war
and zhu.war into the webapps folder of Tomcat and also shuts down
Tomcat. The trojan webapps have jsp and exe files which try to modify,
copy and delete files in the system and also try to access the
database. Symantec and Norton have not been able to rectify or detect
much.
I am totally at loss on what's going on and how to tighten or rectify
this. Anyone with any ideas is highly appreciated.
Thanks,
-Toby
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
