Participant
March 18, 2014
Answered

Adobe Coldfusion8, JRun4, m32.exe and m64.exe taking 100% of the CPU


Hello

On two CF8 servers which we have been running for several years, I could see that recently we have two processes inside the JRun4 folder, cfusion82\cfusion.ear\cfusion.war\CFIDE\m32\m32.exe and cfusion82\cfusion.ear\cfusion.war\CFIDE\m64\m64.exe, taking 100% of the CPU. The action appears randomly and occurs on two servers without any user interaction. Killing those processes does not seem to have any effect on the functionality of the system.

Also in the coldfusion reactor I am not able to see any request which would be connected to this behaviour.

Does anyone know what these processes are?

The strange thing is that the files have been created just recently, and on each system/instance on different days.


Thank you very much for your answer!

    Correct answer by carl type3 (Legend), March 18, 2014

    Seems you are not alone. You might like this blog:

    http://www.code-complete.com/code/index.php?/archives/64-Coldfusion-CFIDE-bitcoin-mining-exploit.html

    HTH, Carl.

    Participating Frequently
    March 24, 2014

    Thanks for posting this.  I too am having this problem.  Perhaps if this exploit is serious enough we will get a patch?

    Steve

    pete_freitag
    Participating Frequently
    March 24, 2014

    If your server was compromised due to a hole in CF9+ that has not already been patched, then Adobe will patch it. But I think the much more likely scenario is that the attackers have leveraged an issue that has been patched by Adobe, but the patch was not applied to your server. What version of CF are you running?

    Have you applied all the security fixes here: http://helpx.adobe.com/security/products/coldfusion.html

    My company also has a service that can help identify if you have applied the patches: http://hackmycf.com/ (there is a free scan and a more in-depth subscription service).

    --

    Pete Freitag

    Foundeo Inc.
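
One way to check a server for the symptom described in the question (native executables such as m32.exe and m64.exe appearing under CFIDE with recent creation dates), added here as an example and not code from the thread or from Adobe. The function name `Find-WebRootBinary`, its parameters and the premise that a CFIDE tree should contain no Windows executables are assumptions, and it needs PowerShell 3.0 or later.

```powershell
# Added example: list Windows executables found anywhere under a web directory.
# Files are identified by their 'MZ' header, so a renamed binary is still reported.
function Find-WebRootBinary {
    param(
        [Parameter(Mandatory = $true)][string]$WebRoot,  # path to the CFIDE directory
        [int]$RecentDays = 30                            # window for the Recent flag
    )
    $cutoff = (Get-Date).ToUniversalTime().AddDays(-$RecentDays)
    # Image paths of running processes (Path is empty for processes we cannot open)
    $running = @(Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $_.Path } | ForEach-Object { $_.Path.ToLowerInvariant() })
    $sha = [System.Security.Cryptography.SHA256]::Create()

    Get-ChildItem -Path $WebRoot -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Length -ge 2 } |
        ForEach-Object {
            $file = $_
            try {
                # Share flags let us read a binary that is currently executing
                $fs = [System.IO.File]::Open($file.FullName, 'Open', 'Read',
                    [System.IO.FileShare]'ReadWrite, Delete')
            } catch {
                Write-Warning "Cannot read $($file.FullName): $($_.Exception.Message)"
                return
            }
            try {
                $b0 = $fs.ReadByte(); $b1 = $fs.ReadByte()
                if ($b0 -ne 0x4D -or $b1 -ne 0x5A) { return }   # not 'MZ': skip file
                $fs.Position = 0
                $hash = -join ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') })
            } finally { $fs.Dispose() }

            [pscustomobject]@{
                Path        = $file.FullName
                SizeBytes   = $file.Length
                CreatedUtc  = $file.CreationTimeUtc
                ModifiedUtc = $file.LastWriteTimeUtc
                Recent      = ($file.CreationTimeUtc -gt $cutoff) -or
                              ($file.LastWriteTimeUtc -gt $cutoff)
                Running     = $running -contains $file.FullName.ToLowerInvariant()
                SHA256      = $hash
            }
        }
    $sha.Dispose()
}

# Usage (placeholder path; point it at your own CFIDE directory):
# Find-WebRootBinary -WebRoot '<path to>\cfusion.war\CFIDE' | Format-List
```

File timestamps can be changed by whoever wrote the file, so treat the `Recent` flag as a hint and keep the hashes and paths for the incident record before removing anything.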