Hostwinds Blog

Search results for:


Report: Malware Targets Apache Servers

by: Bryon Turcotte  /  November 21, 2013


Tags: Hostwinds 

Symantec, the computer security software company, based in Mountain View, California, reports that malicious software has been discovered targeting the open-source web server application Apache Tomcat, according to a recent article published on the PC World website. Symantec calls the "worm-like" type malware "Java.Tomdep" and says that it is much different from other threats of its kind.

Takashi Katsuki, a researcher at Symantec, was quoted in the article saying, "Java.Tomdep differs from other server malware in that it's not written in the PHP scripting language._" Katsuki goes on to say, "_Instead, it acts like a Java Servlet, which is a Java programming language class that's designed to perform tasks for a web application. The malware servlet behaves like an IRC bot, receiving commands from an attacker."

The servlet, according to the article, can "send and receive files, create new processes, update itself and conduct a UDP (User Datagram Protocol) flood, a type of DDoS (Distributed Denial-of-Service) attack." The article reports that end-users accessing web pages hosted on a Tomcat server infected with this malware are not affected. This malware also searches for other Tomcat servers attempting a combination of weak usernames and passwords. "_System administrators should use strong passwords for Tomcat machines and not open up the management port to public access._," said Katsuki.

Learn more about this threat and how Symantec has found infected machines in countries around the globe, including the United States, in the full article on the PC World website.

Written by Bryon Turcotte  /  November 21, 2013

Need help? Chat now!