Backdoor worm owns Tomcat boxes

By

Logs in with weak credentials.

In brief: Symantec has uncovered a backdoor self-replicating worm that targets websites running Apache Tomcat.

Backdoor worm owns Tomcat boxes

The worm (Java.Tomdep) affected Mac OS X, Linux and Solaris boxes. A Java Servlet executed on Apache Tomcat opened an IRC link to attacker servers based in Taiwan and Luxembourg. 
 
The worm attempted to log in with weak usernames and passwords when another Tomcat server was detected. 
 
Symantec said: "Aside from standard commands such as download, upload, creating new process, SOCKS proxy, UDP flooding, and updating itself; compromised computers can also scan for other Tomcat servers and send the malware to them."
 
"It is thus possible that DDoS attacks from the compromised servers are the attacker’s purpose."
Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

Qantas contacted by "potential cyber criminal"

Qantas contacted by "potential cyber criminal"

SA Power Networks tackles IAM, cloud security under five-year strategy

SA Power Networks tackles IAM, cloud security under five-year strategy

Log In

  |  Forgot your password?