Symantec has identified that servers running Apache Tomcat are being affected by a back door worm that acts as a Java Servelet; yet instead of creating a web page, it behaves as an IRC bot that receives commands from the attacker.
Users landing on the pages from the compromised server are not in any danger though, because the threat (Java.Tomdep) is designed to scan and infect other Tomcat servers.
Logging to other servers seems to be achieved by trying a set of weak …
Comments are closed.
