Report: Malware Targets Apache Servers

Symantec, the computer security software company based in Mountain View, California, reports that malicious software has been discovered targeting the open-source web server application Apache Tomcat, according to a recent article published on the PC World website. Symantec calls the “worm-like” type malware “Java.Tomdep” and says that is much different from other threats of it’s kind.

Takashi Katsuki, a researcher at Symantec, was quoted in the article saying, “Java.Tomdep differs from other server malware in that it’s not written in the PHP scripting language.” Katsuki goes on saying, “Instead, it acts like a Java Servlet, which is a Java programming language class that’s designed to perform tasks for a web application. The malware servlet behaves like an IRC bot, receiving commands from an attacker.”

The servlet, according to the article, can “send and receive files, create new processes, update itself and conduct a UDP (User Datagram Protocol) flood, a type of DdoS (Distributed Denial-of-Service) attack.” The article reports that end users accessing web pages hosted on a Tomcat server infected with this malware are not affected. This malware also searches for other Tomcat servers attempting a combination of weak usernames and passwords. “System administrators should use strong passwords for Tomcat machines and not open up the management port to public access.” said Katsuki.

Learn more about this threat and how Symantec has found infected machines in countries around the globe, including the United States, in the full article at the PC World website.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.