In brief: Symantec has uncovered a backdoor self-replicating worm that targets websites running Apache Tomcat.
The worm (Java.Tomdep) affected Mac OS X, Linux and Solaris boxes. A Java Servlet executed on Apache Tomcat opened an IRC link to attacker servers based in Taiwan and Luxembourg.
The worm attempted to log in with weak usernames and passwords when another Tomcat server was detected.
Symantec said: "Aside from standard commands such as download, upload, creating new process, SOCKS proxy, UDP flooding, and updating itself; compromised computers can also scan for other Tomcat servers and send the malware to them."
"It is thus possible that DDoS attacks from the compromised servers are the attacker’s purpose."
.jpg&h=140&w=231&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
Huntress + Eftsure Virtual Event -Fighting A New Frontier of Cyber-Fraud: How Leaders Can Work Together
iTnews Cloud Covered Breakfast Summit
Live & Hands On Demo: Navigating the BMC AMI DevX Platform to Understand Code Faster Using AI
Melbourne Cloud & Datacenter Convention 2026
.jpg&h=271&w=480&c=1&s=1)
_(1).jpg&h=140&w=231&c=1&s=0)
