Xor DDoS
XOR DDoS is Trojan malware that hijacks Linux systems and uses them to launch DDoS attacks, which have reached loads of 150+ Gbps.[1] To gain access, it launches a brute-force attack to discover the password to Secure Shell services on Linux.[2] Once Secure Shell credentials are acquired and login is successful, it uses root privileges to run a script that downloads and installs XOR DDoS.[3] It appears to attack targets mostly based in Asia and, on the basis of those targets, is also believed to be of Asian origin.[4] Notable features of XOR DDoS include a rootkit, the ability to be built for both ARM and x86 systems, and being programmed in C/C++.[5]
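The access pattern described above (repeated SSH password failures followed by a successful root login) can be looked for in sshd logs. The following is an added example, not part of the original article: the log lines are constructed, and the function name `analyze` and the `min_failures` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH syslog format; addresses are documentation ranges.
SAMPLE_LOG = """\
Mar 18 02:11:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar 18 02:11:03 web1 sshd[2103]: Failed password for root from 203.0.113.7 port 40120 ssh2
Mar 18 02:11:04 web1 sshd[2104]: Failed password for invalid user admin from 198.51.100.23 port 51000 ssh2
Mar 18 02:11:05 web1 sshd[2105]: Failed password for root from 203.0.113.7 port 40131 ssh2
Mar 18 02:11:06 web1 sshd[2106]: Failed password for root from 198.51.100.23 port 51004 ssh2
Mar 18 02:11:07 web1 sshd[2107]: Failed password for root from 203.0.113.7 port 40140 ssh2
Mar 18 02:11:08 web1 sshd[2108]: Failed password for root from 198.51.100.23 port 51009 ssh2
Mar 18 02:11:09 web1 sshd[2109]: Failed password for root from 203.0.113.7 port 40152 ssh2
Mar 18 02:11:10 web1 sshd[2110]: Failed password for root from 198.51.100.23 port 51013 ssh2
Mar 18 02:11:11 web1 sshd[2111]: Accepted password for root from 203.0.113.7 port 40160 ssh2
Mar 18 02:11:12 web1 sshd[2112]: Failed password for invalid user test from 198.51.100.23 port 51020 ssh2
Mar 18 02:14:30 web1 sshd[2120]: Failed password for root from 192.0.2.10 port 60222 ssh2
Mar 18 02:14:41 web1 sshd[2121]: Accepted password for root from 192.0.2.10 port 60230 ssh2
Mar 18 02:20:00 web1 sshd[2130]: Accepted publickey for deploy from 192.0.2.10 port 60301 ssh2
"""

EVENT = re.compile(r"sshd\[\d+\]: (Failed|Accepted) password for "
                   r"(?:invalid user )?(\S+) from (\S+) port \d+")

def analyze(log_text, min_failures=5):
    """Return (compromised, guessing): sources whose root password login followed
    at least min_failures failures, and sources still failing with no login."""
    failures, compromised, succeeded = defaultdict(int), {}, set()
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # publickey logins and unrelated sshd messages
        result, user, ip = m.groups()
        if result == "Failed":
            failures[ip] += 1
        else:
            succeeded.add(ip)
            if user == "root" and failures[ip] >= min_failures:
                compromised.setdefault(ip, failures[ip])
    guessing = {ip for ip, n in failures.items()
                if n >= min_failures and ip not in succeeded}
    return compromised, guessing

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A source in the first result warrants treating the host as compromised; the single mistyped password from 192.0.2.10 stays below the threshold and is not flagged.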
See Also
- Botnet
- Command and control (malware)
- Denial-of-service attack
- Rootkit
- Zombie (computer science)
- ZeroAccess botnet
References
- ↑ "XOR DDoS Botnet Launching 20 Attacks a Day From Compromised Linux Machines | Akamai". akamai.com. Retrieved 2016-03-18.
- ↑ "New Botnet Hunts for Linux — Launching 20 DDoS Attacks/Day at 150Gbps". thehackernews.com. Retrieved 2016-03-18.
- ↑ Reuters Editorial. "http://www.reuters.com/article/akamai-ddos-advisory-idUSnPn5TLPMJ+9f+PRN20150929". reuters.com. Retrieved 2016-03-18.
- ↑ "Threat Advisory: XOR DDoS | DDoS mitigation, YARA, Snort". stateoftheinternet.com. Retrieved 2016-03-18.
- ↑ "Anatomy of a Brute Force Campaign: The Story of Hee Thai Limited « Threat Research Blog | FireEye Inc". web.archive.org. Retrieved 2016-03-18.
This article is issued from Wikipedia - version of the Friday, March 18, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.