Automated Hacking Tools

Friday, August 16, 2013 @ 04:08 PM gHale


Automation works even in the hacking environment.

It appears just a few days after Apache released a new version of the Struts application development framework that addressed a series of bugs, researchers came across automated tools designed to exploit the security holes in question.

RELATED STORIES
Apache Struts Fixes Critical Holes
Apache Struts: Another Week, Another Fix
Apache Struts Security Patch Again
Apache Server Log File Hole

The tools, created by Chinese hackers, target Struts vulnerabilities that can end up exploited to run arbitrary commands on the impacted servers, said researchers at Trend Micro.

It all started about a month ago when the Apache Software Foundation released Struts 2.3.15.1, an update to the popular Java Web application development framework. The patch released because vulnerabilities in older versions of Struts could allow attackers to run arbitrary code on vulnerable servers.

The hacking tools are capable of performing several tasks. They can acquire information about the target, steal data, gain and maintain access to the targeted system, and remove evidence of an attack.

To date, the attacks hit Asian organizations, Trend Micro said.

Additional technical details regarding the attacks and the hacker tools are available on Trend Micro’s blog.



Leave a Reply

You must be logged in to post a comment.