Risk Assessment / Security & Hacktivism New backdoor worm found attacking websites running Apache To

Old Man · 21 Nov 2013 at 07:59

Main reason for me bringing this up, is that we have something here which is targeting Linux and Mac OS X (as well as Windows); Linux is something we need to watch for with ever increasing frequency.

"Researchers have identified new self-replicating malware that infects computers running the Apache Tomcat Web server with a backdoor that can be used to attack other machines."

Article:
http://arstechnica.com/security/2013/11/new-backdoor-worm-found-attacking-websites-running-apache-tomcat/

Dunks · 21 Nov 2013 at 08:03

Ok, thanks.

[FnG]magnolia · 21 Nov 2013 at 08:03

Like I'm going to click your RSS link/feed which you've set up with the BACKDOOR WORM HIDDEN IN IT YOU MONSTER

ci_newman · 21 Nov 2013 at 10:14

Thanks?

Deleted member 651465 · 21 Nov 2013 at 11:08

I'm interested in your thoughts about it, not some link-and-run

KIA · 21 Nov 2013 at 15:33

Tomdep-infected machines also seek out other servers running Apache Tomcat and attempt to log in to them using commonly used combinations of user names and passwords. When the credentials match, Tomdep gets installed on another machine.

Super advanced malware.

memyselfandi · 21 Nov 2013 at 17:55

Looking at the article linked to from the OPs link it tries logging onto other instances found using common username: password combinations such as admin:admin, admin: password and root:root (amongst others given).

Frankly if you are using combinations such as these you deserve all you get as a learning experience ...

Narj · 21 Nov 2013 at 18:34

[FnG]magnolia;25346899 said:
Like I'm going to click your RSS link/feed which you've set up with the BACKDOOR WORM HIDDEN IN IT YOU MONSTER

I certainly don't want anything worming its way into my back door.

Risk Assessment / Security & Hacktivism New backdoor worm found attacking websites running Apache To

Deleted member 651465

Deleted member 651465