Backdoor worm owns Tomcat boxes

By

Logs in with weak credentials.

In brief: Symantec has uncovered a backdoor self-replicating worm that targets websites running Apache Tomcat.

Backdoor worm owns Tomcat boxes

The worm (Java.Tomdep) affected Mac OS X, Linux and Solaris boxes. A Java Servlet executed on Apache Tomcat opened an IRC link to attacker servers based in Taiwan and Luxembourg. 
 
The worm attempted to log in with weak usernames and passwords when another Tomcat server was detected. 
 
Symantec said: "Aside from standard commands such as download, upload, creating new process, SOCKS proxy, UDP flooding, and updating itself; compromised computers can also scan for other Tomcat servers and send the malware to them."
 
"It is thus possible that DDoS attacks from the compromised servers are the attacker’s purpose."
Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?