Worm targeting Apache Tomcat servers, possibly for DDoS

Infections have been found on servers in nine countries

A worm-like type of malicious software has been found targeting Apache Tomcat, an open-source Web server application, according to Symantec.

The malware, which Symantec calls "Java.Tomdep," differs from other server malware in that it's not written in the PHP scripting language, wrote Takashi Katsuki in a blog post.

Instead, it acts like a Java Servlet, which is a Java programming language class that's designed to perform tasks for a web application. The malware servlet behaves like an IRC bot, receiving commands from an attacker, Katsuki wrote.

It can send and receive files, create new processes, update itself and conduct a UDP (user datagram protocol) flood, a type of DDoS (distributed denial-of-service) attack.

The command-and-control servers have been traced to Taiwan and Luxembourg, he wrote. End users who access web pages hosted on an infected Tomcat server are not affected by the malware.

Java.Tomdep also hunts for other Tomcat servers, trying a series of weak usernames and passwords. Katsuki said system administrators should use strong passwords for Tomcat machines and not open up the management port to public access.
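As a defensive check for the weak-credential advice above, the following added example (not from Symantec or the article) audits a `tomcat-users.xml` file for manager or admin accounts whose passwords would fall to simple guessing. The sample file, the short common-password set and the 12-character minimum are constructed assumptions, and the check assumes passwords are stored in plaintext rather than as digests.

```python
import xml.etree.ElementTree as ET

# Roles that unlock Tomcat's manager and host-manager applications.
PRIVILEGED_ROLES = {"manager", "admin", "manager-gui", "manager-script",
                    "manager-jmx", "manager-status", "admin-gui", "admin-script"}
# Constructed examples of guessable values; NOT the list Java.Tomdep uses.
COMMON_PASSWORDS = {"tomcat", "admin", "manager", "password", "changeit", "123456"}
MIN_LENGTH = 12  # assumed local policy, not a figure from the article

# Constructed sample file (plaintext passwords, i.e. no digest configured).
SAMPLE_USERS_XML = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <role rolename="manager-gui"/>
  <user username="tomcat" password="tomcat" roles="manager-gui"/>
  <user username="deploy" password="Spring2013" roles="manager-script,manager-jmx"/>
  <user username="ops" password="hV9#qT2m!Lz7wRk4" roles="manager-gui, admin-gui"/>
  <user username="viewer" password="viewer" roles="reports"/>
</tomcat-users>"""

def password_problems(username, password):
    """Return the reasons a password would fall to simple guessing."""
    if not password:
        return ["empty password"]
    problems = []
    if password.lower() == username.lower():
        problems.append("same as username")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("common password")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    return problems

def audit_tomcat_users(xml_text):
    """List (username, privileged roles, problems) for weak manager accounts."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if elem.tag.rsplit("}", 1)[-1] != "user":  # ignore the XML namespace
            continue
        username = elem.get("username") or elem.get("name") or ""
        roles = {r.strip() for r in elem.get("roles", "").split(",")}
        privileged = sorted(roles & PRIVILEGED_ROLES)
        problems = password_problems(username, elem.get("password", ""))
        if privileged and problems:
            findings.append((username, privileged, problems))
    return findings

if __name__ == "__main__":
    for user, roles, problems in audit_tomcat_users(SAMPLE_USERS_XML):
        print(f"{user}: {', '.join(roles)} -> {'; '.join(problems)}")
```

Accounts without a manager or admin role are skipped because they cannot deploy applications through the manager interface.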

Servers are rich targets for hackers since they run constantly and have high performance, Katsuki wrote.

The malware doesn't appear to be widespread, but Symantec has found infected machines in the U.S., Brazil, China, Italy, Sweden, Japan, South Korea, Vietnam and Malaysia.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Jeremy Kirk

IDG News Service