A worm is currently spreading among unpatched older versions of the JBoss application server. JBoss is a popular implementation of the Java EE platform and is developed by Red Hat.
The worm attempts to connect to the JMX console on a JBoss server. JMX (Java Management Extensions) is a Java standard for managing and monitoring Java applications, and the JMX console is the web front end JBoss ships for it. Due to a bug in the console's default configuration file, the security constraint that demands authentication lists only the HTTP GET and POST methods, so only those two request methods are authenticated; any other method reaches the console without credentials. The worm takes advantage of this by sending an HTTP HEAD request carrying a malicious payload that plants a back door on the server. It then uploads a few Perl and Windows batch files that scan for other vulnerable hosts and infect them as well. The worm also attempts to make the infected machine part of a botnet.
To protect themselves against this worm, JBoss users are urged to upgrade immediately to the newest version; the patch fixing this vulnerability was released in April 2010, so a current, patched release is not affected. Alternatively, an administrator can delete the two lines in the JMX console's configuration file that restrict the security constraint to GET and POST. With no method listed, the constraint applies to every HTTP request, which thwarts the worm. After either change, confirm that an unauthenticated HEAD request to the console is refused just as a GET is.
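The bug described above and the two-line mitigation are easy to check mechanically. The following audit script is an added example written for this page; it is not code from the article or from JBoss. It parses a Servlet web.xml, flags every authenticated security constraint whose http-method list leaves verbs such as HEAD uncovered, and applies the mitigation by dropping the http-method elements. The sample web.xml is constructed for the example and only models the shape of the stock jmx-console descriptor; the function names and the verb list are the author's choices.

```python
"""Audit a Servlet web.xml for HTTP-verb authentication gaps.

Added example, not code from the original article or from JBoss. A
<security-constraint> that lists <http-method>GET</http-method> and
<http-method>POST</http-method> applies its <auth-constraint> to those two
verbs only, so a HEAD (or any other verb) reaches the protected URL without
authentication. Deleting the two <http-method> lines makes the constraint
cover every verb.
"""
import xml.etree.ElementTree as ET

# Verbs a servlet container will route to the protected resource. A constraint
# covers only the verbs it lists; any verb not listed bypasses it. (Assumed
# list for the example; extend it to match your container.)
HTTP_METHODS = ("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE")

# Constructed sample in the vulnerable shape: authentication limited to GET/POST.
VULNERABLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HtmlAdaptor</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>JBossAdmin</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>JBoss JMX Console</realm-name>
  </login-config>
</web-app>
"""


def _local(tag):
    """Strip an XML namespace prefix ('{uri}name' -> 'name') so the audit works
    on both DTD-based and namespaced web-app descriptors."""
    return tag.rsplit("}", 1)[-1]


def find_verb_gaps(web_xml):
    """Return [(url_pattern, (unauthenticated verbs...)), ...] for every
    constraint that requires a role but lists only some HTTP methods.
    An empty list means each protected URL is covered for all verbs."""
    root = ET.fromstring(web_xml)
    gaps = []
    for sc in root.iter():
        if _local(sc.tag) != "security-constraint":
            continue
        # Constraints without an <auth-constraint> require no login anyway.
        if not any(_local(c.tag) == "auth-constraint" for c in sc):
            continue
        for wrc in sc:
            if _local(wrc.tag) != "web-resource-collection":
                continue
            patterns = [e.text.strip() for e in wrc if _local(e.tag) == "url-pattern"]
            methods = {e.text.strip().upper() for e in wrc if _local(e.tag) == "http-method"}
            if not methods:
                continue  # no verb list: the constraint applies to every verb
            uncovered = tuple(m for m in HTTP_METHODS if m not in methods)
            if uncovered:
                for pattern in patterns:
                    gaps.append((pattern, uncovered))
    return gaps


def remove_method_restrictions(web_xml):
    """Apply the article's mitigation: drop every <http-method> element so the
    security constraints apply to all HTTP verbs. Returns the new XML text."""
    root = ET.fromstring(web_xml)
    collections = [e for e in root.iter() if _local(e.tag) == "web-resource-collection"]
    for wrc in collections:
        for hm in [e for e in wrc if _local(e.tag) == "http-method"]:
            wrc.remove(hm)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for pattern, verbs in find_verb_gaps(VULNERABLE_WEB_XML):
        print(f"{pattern}: unauthenticated for {', '.join(verbs)}")
    fixed = remove_method_restrictions(VULNERABLE_WEB_XML)
    print("after fix:", find_verb_gaps(fixed) or "no gaps")
```

Run it against the real descriptor by reading the file into `find_verb_gaps`; a non-empty result is the condition the worm exploits. The audit only reads the descriptor, so it can be run on a live server's deploy directory without touching the network, and re-running it on the output of `remove_method_restrictions` (or on the file after the manual two-line edit) should report no gaps.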