XOR DDoS botnet launching attacks from compromised Linux machines

  • 29 September 2015
Posted on 29 September 2015. Attackers have developed a botnet capable of 150+ Gbps DDoS attack campaigns using XOR DDoS, a Trojan malware used to hijack Linux systems, according to Akamai.

What is XOR DDoS?

XOR DDoS is a Trojan malware that infects Linux systems, instructing them to launch DDoS attacks on demand by a remote attacker. Initially, attackers gain access by brute force attacks to discover the password to Secure Shell services on a Linux machine. Once login has been acquired, the attackers use root privileges to run a Bash shell script that downloads and executes the malicious binary. Full Article 

3 replies

"The following article is an update on Linux Systems in DDoS botnet attack"
************************************************************************************

A Linux botnet is launching crippling DDoS attacks at more than 150Gbps.

 
By Lucian Constantin
 
A Linux botnet has grown so powerful that it can generate crippling distributed denial-of-service attacks at over 150 Gbps, many times greater than a typical company's infrastructure can withstand.
The malware behind the botnet is known as XOR DDoS and was first identified in September 2014. Attackers install it on Linux systems, including embedded devices such as Wi-Fi routers and network-attached storage devices, by guessing SSH (Secure Shell) login credentials using brute-force attacks.
The credentials are used to log into the vulnerable systems and execute shell commands that download and install the malicious program. To hide its presence, the malware also uses common rootkit techniques.
 
full article
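Both the opening post and the article quoted above describe the same infection sequence: repeated SSH password guesses from one source, followed by a successful root login and a download script. The following detection example is added here and is not code from the thread, Akamai, or any of the quoted articles. It parses constructed sshd log lines in traditional syslog format, groups them by source address, and raises an alert when a burst of failed logins is followed by an accepted password login from the same address. The year 2015 is assumed because syslog timestamps carry no year, the sample addresses are from documentation ranges, and the threshold and window values are illustrative choices rather than anything the page specifies.

```python
"""Flag the SSH brute-force-then-login pattern in sshd logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd lines in syslog format; these are not real logs.
# 203.0.113.7 hammers root and admin, then gets a password login as root.
# 198.51.100.4 is a normal user with one typo and a key-based login.
SAMPLE_LOG = """\
Sep 29 10:00:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 51022 ssh2
Sep 29 10:00:02 host sshd[2103]: Failed password for root from 203.0.113.7 port 51023 ssh2
Sep 29 10:00:03 host sshd[2105]: Failed password for invalid user admin from 203.0.113.7 port 51024 ssh2
Sep 29 10:00:04 host sshd[2107]: Failed password for root from 203.0.113.7 port 51025 ssh2
Sep 29 10:00:05 host sshd[2109]: Failed password for root from 203.0.113.7 port 51026 ssh2
Sep 29 10:00:07 host sshd[2111]: Accepted password for root from 203.0.113.7 port 51027 ssh2
Sep 29 10:05:00 host sshd[2200]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Sep 29 10:05:09 host sshd[2202]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
"""

# Matches the "Failed/Accepted <method> for [invalid user] <user> from <ip>" lines sshd emits.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_sshd_line(line, year=2015):
    """Return a dict for an auth event, or None for lines that are not login results.

    Syslog timestamps have no year, so the caller supplies one (2015 assumed here).
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"time": when, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def analyze(log_text, threshold=5, window_s=60):
    """Return alerts for brute-force bursts and for password logins that follow one.

    threshold and window_s are illustrative tuning values, not figures from the thread.
    """
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_sshd_line(line)
        if ev:
            by_ip[ev["ip"]].append(ev)

    alerts = []
    for ip, events in sorted(by_ip.items()):
        events.sort(key=lambda e: e["time"])
        fail_times = [e["time"] for e in events if e["result"] == "Failed"]
        burst_reported = False
        for ev in events:
            # Failures from this source in the window ending at this event.
            recent = [t for t in fail_times
                      if 0 <= (ev["time"] - t).total_seconds() <= window_s]
            if ev["result"] == "Failed" and len(recent) >= threshold and not burst_reported:
                alerts.append({"kind": "brute_force", "ip": ip,
                               "failures": len(recent), "time": ev["time"]})
                burst_reported = True
            elif ev["result"] == "Accepted" and ev["method"] == "password" \
                    and len(recent) >= threshold:
                # The sequence the articles describe: guessing succeeded.
                alerts.append({"kind": "login_after_brute_force", "ip": ip,
                               "user": ev["user"], "failures": len(recent),
                               "time": ev["time"]})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

Key-based logins are deliberately excluded from the second alert, since the reported compromise path was password guessing; a successful publickey login after a burst of failures is worth a look but is a different signal.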
Reports have been coming in about a new Trojan malware named XOR DDoS that has been responsible for a number of DDoS attacks in Asia. It's coming from Linux machines, and people are going wild. The truth is somewhat different from what's been published until now.
Malware and viruses are not something common in Linux systems, so when someone announces massive 150+ Gbps DDoS attacks that are coming from Linux machines, you take notice. Users from other platforms are now pointing fingers at Linux saying that it's just as vulnerable as Windows (take a moment here to stop laughing) and that it can cause just as much harm.   
 
http://news.softpedia.com/news/xor-ddos-malware-for-linux-attacks-have-been-greatly-exaggerated-493287.shtml
By Paul Venezia, 
 
Among the headlines in the tech press last week was news of a massive Linux botnet that was apparently crippling various sites on the Internet with 150Gbps of traffic. After reading a number of reports that lacked important detail and even seemed to lay the blame on Linux, I feel the need to set a few things straight.

http://www.infoworld.com/article/2990956/linux/dont-blame-linux-for-the-xor-botnet.html
