
New backdoor worm found attacking websites running Apache Tomcat

Diagram showing how Tomdep receives commands and spreads to new machines.

Researchers have identified new self-replicating malware that infects computers running the Apache Tomcat Web server with a backdoor that can be used to attack other machines.

Java.Tomdep, as the backdoor worm has been dubbed, is Java Servlet-based code that gives Apache Tomcat platforms malicious capabilities. It causes infected machines to maintain Internet Relay Chat (IRC) communications with attacker servers located in Taiwan and Luxembourg. The control servers send commands to the infected machines and receive progress reports from them. Affected platforms include Linux, Mac OS X, Solaris, and most supported versions of Windows. Researchers haven’t said precisely how the malware takes initial hold of servers, but there’s no evidence yet it exploits any vulnerability in Tomcat or any other software running on infected servers.
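A servlet container has little legitimate reason to hold an outbound IRC session, so that behaviour can be hunted for directly. The sketch below is an added example, not code from the article or from Symantec: it flags outbound flows from a Tomcat JVM whose first client bytes look like IRC, whatever the port. The flow-record fields (`process`, `cmdline`, `direction`, `dst`, `client_payload`) and all sample values are assumptions constructed for illustration.

```python
import re

# Client-to-server IRC commands (RFC 1459), optionally preceded by ":prefix ".
IRC_CMD = re.compile(rb"^(?::\S+ )?(PASS|NICK|USER|JOIN|PRIVMSG|PONG) \S", re.I)

def looks_like_irc(payload: bytes) -> bool:
    """True if the first lines the client sent hold two or more distinct IRC commands."""
    lines = payload.replace(b"\r\n", b"\n").split(b"\n")[:10]
    cmds = {m.group(1).upper() for ln in lines if (m := IRC_CMD.match(ln))}
    return len(cmds) >= 2  # one keyword alone is too weak a signal

def is_tomcat_jvm(flow: dict) -> bool:
    """Assumption: the sensor records process name and command line for each flow."""
    cmd = flow.get("cmdline", "").lower()
    return flow.get("process", "").lower().startswith("java") and (
        "catalina" in cmd or "tomcat" in cmd)

def flag_irc_from_tomcat(flows):
    """Return outbound flows where a Tomcat JVM is speaking IRC, on any port."""
    return [f for f in flows
            if f.get("direction") == "outbound"
            and is_tomcat_jvm(f)
            and looks_like_irc(f.get("client_payload", b""))]

TOMCAT = "java -Dcatalina.base=/opt/tomcat org.apache.catalina.startup.Bootstrap"

# Constructed sample flows; addresses are RFC 5737 documentation ranges.
SAMPLE_FLOWS = [
    {"process": "java", "cmdline": TOMCAT, "direction": "outbound",
     "dst": "203.0.113.10:6667",
     "client_payload": b"NICK a1b2c3\r\nUSER a1b2c3 0 * :x\r\nJOIN #chan\r\n"},
    {"process": "java", "cmdline": TOMCAT, "direction": "outbound",
     "dst": "198.51.100.5:80",
     "client_payload": b"POST /api HTTP/1.1\r\nUser-Agent: Java\r\nHost: example.com\r\n"},
    {"process": "java", "cmdline": TOMCAT, "direction": "outbound",
     "dst": "203.0.113.20:443",  # IRC on a non-standard port is still caught
     "client_payload": b"PASS x\r\nNICK z9\r\nUSER z9 0 * :z\r\n"},
    {"process": "irssi", "cmdline": "irssi", "direction": "outbound",
     "dst": "203.0.113.10:6667",  # an ordinary IRC client, not the servlet container
     "client_payload": b"NICK alice\r\nUSER alice 0 * :Alice\r\n"},
    {"process": "java", "cmdline": TOMCAT, "direction": "inbound",
     "dst": "192.0.2.8:8080",
     "client_payload": b"GET / HTTP/1.1\r\nHost: example.com\r\n"},
]

if __name__ == "__main__":
    for flow in flag_irc_from_tomcat(SAMPLE_FLOWS):
        print("ALERT: Tomcat JVM speaking IRC to", flow["dst"])
```

Matching on protocol content rather than port 6667 matters because the article does not say which ports the control servers use.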

In a blog post published Wednesday, Takashi Katsuki, a researcher at security firm Symantec, said Java.Tomdep appears to be designed to harness the huge amounts of bandwidth and computing power available to Web servers for use in denial-of-service attacks against other machines. Unlike Darkleech and other malware targeting Web servers, there’s no indication that it’s used to attack end users visiting websites. Katsuki explained:




Permalink: http://2hei.net/custom-id-new-backdoor-worm-found-attacking-websites-running-apache-tomcatwed-20-nov-2013-114040-0800.html | 2hei's site

This post was published by 2hei on November 20, 2013, in the OpenSource category.
When reposting original articles, please credit: New backdoor worm found attacking websites running Apache Tomcat | 2hei's site
