Security issue with sjxeni
Issue
- We installed JBoss EAP 6.1 on some nodes that are hosted on Rackspace, and they detected a malicious binary inside the jboss user's home directory. Can you help us to confirm this?
- I was able to identify a single file in the /home/jboss directory named sjxeni, which leads me to believe that the file is malicious. Here is some output from the machine:
[root@localhost ~]# ps aux | grep [s]jxeni
jboss 10565 0.0 0.0 23176 684 ? Ss 00:25 0:00 ./sjxeni
jboss 10577 0.0 0.0 23176 684 ? S 00:25 0:00 ./sjxeni
jboss 10578 0.0 0.0 23176 684 ? S 00:25 0:00 ./sjxeni
jboss 10579 0.0 0.0 23176 684 ? S 00:25 0:08 ./sjxeni
jboss 10580 0.0 0.0 23176 684 ? S 00:25 0:00 ./sjxeni
jboss 10581 0.0 0.0 23176 684 ? S 00:25 0:00 ./sjxeni
jboss 10582 0.0 0.0 23176 684 ? S 00:25 0:00 ./sjxeni
jboss 10583 0.0 0.0 23176 684 ? S 00:25 0:00 ./sjxeni
jboss 10585 0.0 0.0 23176 684 ? S 00:25 0:00 ./sjxeni
jboss 10586 0.0 0.0 23176 684 ? S 00:25 0:00 ./sjxeni
[root@localhost ~]# netstat -planut | grep sjxeni
tcp 0 1 172.24.16.41:47469 23.228.102.131:25000 SYN_SENT 10565/./sjxeni
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
- 6.1.0
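
The following triage sketch is an added example, not part of the original article or of any Red Hat tooling. It correlates the `ps aux` and `netstat -planut` output captured in the issue above to flag service-account processes that were launched by relative path and hold network sockets. The function names and the `service_users` parameter are assumptions made for illustration.

```python
import re
from collections import Counter

# Captured output copied from the issue above (ps trimmed to three rows).
PS_OUTPUT = """\
jboss 10565 0.0 0.0 23176 684 ? Ss 00:25 0:00 ./sjxeni
jboss 10577 0.0 0.0 23176 684 ? S 00:25 0:00 ./sjxeni
jboss 10579 0.0 0.0 23176 684 ? S 00:25 0:08 ./sjxeni
"""
NETSTAT_OUTPUT = """\
tcp 0 1 172.24.16.41:47469 23.228.102.131:25000 SYN_SENT 10565/./sjxeni
"""

def parse_ps(text):
    """Map PID -> (user, command) from `ps aux` rows."""
    procs = {}
    for line in text.splitlines():
        f = line.split(None, 10)          # 11th field keeps the full command
        if len(f) == 11 and f[1].isdigit():
            procs[int(f[1])] = (f[0], f[10])
    return procs

def parse_netstat(text):
    """Yield (pid, remote, state) from `netstat -planut` TCP rows."""
    for line in text.splitlines():
        f = line.split(None, 6)           # last field is "PID/program"
        if len(f) == 7 and f[0].startswith("tcp"):
            m = re.match(r"(\d+)/", f[6])
            if m:
                yield int(m.group(1)), f[4], f[5]

def triage(ps_text, netstat_text, service_users=("jboss",)):
    """Flag service-account processes started by relative path that own sockets."""
    procs = parse_ps(ps_text)
    copies = Counter(cmd for _, cmd in procs.values())
    findings = []
    for pid, remote, state in parse_netstat(netstat_text):
        user, cmd = procs.get(pid, (None, None))
        if user in service_users and cmd and cmd.startswith("./"):
            findings.append({"pid": pid, "user": user, "cmd": cmd,
                             "remote": remote, "state": state,
                             "copies": copies[cmd]})
    return findings

if __name__ == "__main__":
    for finding in triage(PS_OUTPUT, NETSTAT_OUTPUT):
        print(finding)
```

A hit from this check is a lead for further investigation (binary hash, `/proc/<pid>/exe`, file timestamps), not a verdict on its own.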