In brief: Symantec has uncovered a backdoor self-replicating worm that targets websites running Apache Tomcat.
The worm (Java.Tomdep) affected Mac OS X, Linux and Solaris boxes. A Java Servlet executed on Apache Tomcat opened an IRC link to attacker servers based in Taiwan and Luxembourg.
The worm attempted to log in with weak usernames and passwords when another Tomcat server was detected.
Symantec said: "Aside from standard commands such as download, upload, creating new process, SOCKS proxy, UDP flooding, and updating itself; compromised computers can also scan for other Tomcat servers and send the malware to them."
"It is thus possible that DDoS attacks from the compromised servers are the attacker’s purpose."