This sounds like an attack that has been seen before: http://markmail.org/message/jrqw75yw3d3xh3p6 That message also has tips on tightening security. In those cases it seems that the security hole was a weak password for the manager webapp. -- Len
On Thu, Jan 22, 2009 at 10:16, Toby Kurien <tobyis7...@gmail.com> wrote: > Hi, > I have a webapp for my company that has been running for several > years. Recently, we got infected by a trojan or virus and this has > been causing a lot of abnormal behavior. The trojan creates user > accounts in Windows and also creates web applications like safee.war > and zhu.war into the webapps folder of Tomcat and also shuts down > Tomcat. The trojan webapps have jsp and exe files which try to modify, > copy and delete files in the system and also try to access the > database. Symantec and Norton have not been able to rectify or detect > much. > I am totally at loss on what's going on and how to tighten or rectify > this. Anyone with any ideas is highly appreciated. > > Thanks, > -Toby > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
