Symantec, the computer security software company based in Mountain View, California, reports that malicious software has been discovered targeting the open-source web server application Apache Tomcat, according to a recent article published on the PC World website. Symantec calls the “worm-like” malware “Java.Tomdep” and says that it is much different from other threats of its kind.
Takashi Katsuki, a researcher at Symantec, was quoted in the article as saying, “Java.Tomdep differs from other server malware in that it’s not written in the PHP scripting language.” Katsuki continued, “Instead, it acts like a Java Servlet, which is a Java programming language class that’s designed to perform tasks for a web application. The malware servlet behaves like an IRC bot, receiving commands from an attacker.”
The servlet, according to the article, can “send and receive files, create new processes, update itself and conduct a UDP (User Datagram Protocol) flood, a type of DDoS (Distributed Denial-of-Service) attack.” The article reports that end users accessing web pages hosted on a Tomcat server infected with this malware are not affected. The malware also searches for other Tomcat servers and attempts to log in to them with combinations of weak usernames and passwords. “System administrators should use strong passwords for Tomcat machines and not open up the management port to public access,” said Katsuki.
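
One way an administrator could act on Katsuki's advice is to audit `tomcat-users.xml` for management accounts with weak passwords. The following is an added example, not code from Symantec or the article; the sample file is constructed, and the 14-character minimum and the function name `audit_tomcat_users` are assumptions.

```python
import xml.etree.ElementTree as ET

# Role name prefixes that grant access to Tomcat's manager / host-manager apps.
PRIVILEGED_PREFIXES = ("manager", "admin")
MIN_LENGTH = 14  # assumed local policy, not a value from the article

# Constructed sample tomcat-users.xml (not taken from any real server).
SAMPLE = """<tomcat-users>
  <role rolename="manager-gui"/>
  <user username="tomcat" password="tomcat" roles="manager-gui"/>
  <user username="deploy" password="s3cret" roles="manager-script,manager-jmx"/>
  <user username="ops" password="kV9#tq2LmZ!x47Rb" roles="admin-gui"/>
  <user username="viewer" password="viewer" roles="reports"/>
</tomcat-users>
"""

def local(tag):
    """Strip an XML namespace prefix, in case the file declares one."""
    return tag.rsplit("}", 1)[-1]

def audit_tomcat_users(xml_text, min_length=MIN_LENGTH):
    """Return {username: [reasons]} for privileged accounts with weak passwords."""
    findings = {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "user":
            continue
        # Some files use name= instead of username=.
        name = el.get("username") or el.get("name") or ""
        password = el.get("password") or ""
        roles = [r.strip() for r in (el.get("roles") or "").split(",")]
        if not any(r.startswith(PRIVILEGED_PREFIXES) for r in roles):
            continue  # account cannot reach the management applications
        reasons = []
        if not password:
            reasons.append("empty password")
        elif password.lower() == name.lower():
            reasons.append("password equals username")
        if password and len(password) < min_length:
            reasons.append(f"shorter than {min_length} characters")
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    for user, reasons in audit_tomcat_users(SAMPLE).items():
        print(f"{user}: {', '.join(reasons)}")
```

If the realm is configured to store digested passwords, the `password` attribute holds a hash and these checks do not apply.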