Xor DDoS
XOR DDoS is Trojan malware that hijacks Linux systems and uses them to launch DDoS attacks which have reached loads of 150+ Gbps.[1] In order to gain access it launches a brute force attack in order to discover the password to Secure Shell services on Linux.[2] Once Secure Shell credentials are acquired and login is successful, it uses root privileges to run a script that downloads and installs XOR DDoS.[3] It appears to attack targets mostly based in Asia and is also believed to be of Asian origin based on its targets(which tend to be located in Asia.). [4] Several things are noteworthy about XOR DDoS, such as that it is built exclusively for ARM and x86 systems and it appears to have been programmed in C/C++. [5]
See also
- Application layer DDoS attack
- BASHLITE
- Botnet
- Command and control (malware)
- Dendroid (Malware)
- Denial-of-service attack
- Rootkit
- Zombie (computer science)
- ZeroAccess botnet
References
- ↑ "XOR DDoS Botnet Launching 20 Attacks a Day From Compromised Linux Machines | Akamai". akamai.com. Retrieved 2016-03-18.
- ↑ "New Botnet Hunts for Linux — Launching 20 DDoS Attacks/Day at 150Gbps". thehackernews.com. Retrieved 2016-03-18.
- ↑ Reuters Editorial. "http://www.reuters.com/article/akamai-ddos-advisory-idUSnPn5TLPMJ+9f+PRN20150929". reuters.com. Retrieved 2016-03-18. External link in
|title=(help) - ↑ "Threat Advisory: XOR DDoS | DDoS mitigation, YARA, Snort". stateoftheinternet.com. Retrieved 2016-03-18.
- ↑ "Anatomy of a Brute Force Campaign: The Story of Hee Thai Limited « Threat Research Blog | FireEye Inc". web.archive.org. Retrieved 2016-03-18.
This article is issued from Wikipedia - version of the 11/6/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.