Xor DDoS

XOR DDoS is Trojan malware that hijacks Linux systems and uses them to launch DDoS attacks that have reached loads of 150+ Gbps.[1] To gain access, it launches a brute-force attack to discover the password to Secure Shell services on Linux.[2] Once Secure Shell credentials are acquired and login is successful, it uses root privileges to run a script that downloads and installs XOR DDoS.[3] It is believed to be of Asian origin based on its targets, which tend to be located in Asia.[4] Several things are noteworthy about XOR DDoS: it is built exclusively for ARM and x86 systems, and it appears to have been programmed in C/C++.[5]
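
The access pattern described above (repeated SSH password guesses followed by a successful root login) leaves a recognisable trace in sshd authentication logs. The following detection sketch is an added example, not part of the original article; the log lines are constructed in OpenSSH syslog format, and the function name and the failure threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log (documentation IP ranges, not from a real incident).
SAMPLE_LOG = "\n".join(
    [f"Mar 18 02:11:{s:02d} web1 sshd[{1000 + s}]: Failed password for root "
     f"from 203.0.113.7 port {40100 + s} ssh2" for s in range(6)]
    + [
        "Mar 18 02:11:09 web1 sshd[1010]: Accepted password for root from 203.0.113.7 port 40110 ssh2",
        # A user mistyping once, then logging in: must not be flagged.
        "Mar 18 02:15:00 web1 sshd[1020]: Failed password for alice from 198.51.100.20 port 50222 ssh2",
        "Mar 18 02:15:05 web1 sshd[1021]: Accepted password for alice from 198.51.100.20 port 50223 ssh2",
        # Key-based root login: not reachable by password guessing, so ignored.
        "Mar 18 02:20:00 web1 sshd[1030]: Accepted publickey for root from 192.0.2.10 port 51000 ssh2",
    ]
)

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?:password|keyboard-interactive/pam) for (\S+) from (\S+) port")


def find_bruteforced_root_logins(log_text, threshold=5):
    """Return [(source_ip, failures)] for each password-based root login that
    was preceded by at least `threshold` failed attempts from the same IP.
    The threshold of 5 is an assumed default, not a value from the article."""
    failures = defaultdict(int)   # source IP -> failed attempts since last success
    hits = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            user, ip = m.groups()
            if user == "root" and failures[ip] >= threshold:
                hits.append((ip, failures[ip]))
            failures[ip] = 0      # a success ends the current guessing run
    return hits


if __name__ == "__main__":
    for ip, count in find_bruteforced_root_logins(SAMPLE_LOG):
        print(f"root login from {ip} after {count} failed passwords")
```

A hit from this check is a reason to inspect the host for newly downloaded scripts and binaries, since the article describes the installation step as running with root privileges immediately after login.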

References

  1. "XOR DDoS Botnet Launching 20 Attacks a Day From Compromised Linux Machines | Akamai". akamai.com. Retrieved 2016-03-18.
  2. "New Botnet Hunts for Linux Launching 20 DDoS Attacks/Day at 150Gbps". thehackernews.com. Retrieved 2016-03-18.
  3. Reuters Editorial. "www.reuters.com/article/akamai-ddos-advisory-idUSnPn5TLPMJ+9f+PRN20150929". reuters.com. Retrieved 2016-03-18.
  4. "Threat Advisory: XOR DDoS | DDoS mitigation, YARA, Snort". stateoftheinternet.com. Retrieved 2016-03-18.
  5. "Anatomy of a Brute Force Campaign: The Story of Hee Thai Limited « Threat Research Blog | FireEye Inc". Archived from the original on 2015-03-18. Retrieved 2016-03-18.


This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.