Menu
Worm targeting Apache Tomcat servers, possibly for DDoS

Worm targeting Apache Tomcat servers, possibly for DDoS

Infections have been found on servers in nine countries

A worm-like type of malicious software has been found targeting Apache Tomcat, an open-source Web server application, according to Symantec.

The malware, which Symantec calls "Java.Tomdep," differs from other server malware in that it's not written in the PHP scripting language, wrote Takashi Katsuki in a blog post.

Instead, it acts like a Java Servlet, which is a Java programming language class that's designed to perform tasks for a web application. The malware servlet behaves like an IRC bot, receiving commands from an attacker, Katsuki wrote.

It can send and receive files, create new processes, update itself and conduct a UDP (user datagram protocol) flood, a type of DDoS (distributed denial-of-service) attack.

The command-and-control servers have been traced to Taiwan and Luxembourg, he wrote. End users who access web pages hosted on an infected Tomcat server are not affected by the malware.

Java.Tomdep also hunts for other Tomcat servers, trying a series of weak usernames and passwords. Katsuki said system administrators should use strong passwords for Tomcat machines and not open up the management port to public access.

Servers are rich targets for hackers since they run constantly and have high performance, Katsuki wrote.

The malware doesn't appear to be widespread, but Symantec has found infected machines in the U.S., Brazil, China, Italy, Sweden, Japan, South Korea, Vietnam and Malaysia.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwaresymantec

Events

Featured

Slideshows

Channel kicks 2021 into gear as After Hours returns to Auckland

Channel kicks 2021 into gear as After Hours returns to Auckland

After Hours made a welcome return to the channel social calendar with a bumper crowd of partners, distributors and vendors descending on The Pantry at Park Hyatt in Auckland to kick-start 2021.

Channel kicks 2021 into gear as After Hours returns to Auckland
The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Show Comments