XOR DDoS is Trojan malware that hijacks Linux systems and uses them to launch DDoS attacks which have reached loads of 150+ Gbps. In order to gain access it launches a brute force attack in order to discover the password to Secure Shell services on Linux. Once Secure Shell credentials are acquired and login is successful, it uses root privileges to run a script that downloads and installs XOR DDoS. It is believed to be of Asian origin based on its targets, which tend to be located in Asia.  Several things are noteworthy about XOR DDoS, such as that it is built exclusively for ARM and x86 systems and it appears to have been programmed in C/C++. 
- "XOR DDoS Botnet Launching 20 Attacks a Day From Compromised Linux Machines | Akamai". akamai.com. Retrieved 2016-03-18.
- "New Botnet Hunts for Linux — Launching 20 DDoS Attacks/Day at 150Gbps". thehackernews.com. Retrieved 2016-03-18.
- Reuters Editorial. "www.reuters.com/article/akamai-ddos-advisory-idUSnPn5TLPMJ+9f+PRN20150929". reuters.com. Retrieved 2016-03-18.
- "Threat Advisory: XOR DDoS | DDoS mitigation, YARA, Snort". stateoftheinternet.com. Retrieved 2016-03-18.
- "Anatomy of a Brute Force Campaign: The Story of Hee Thai Limited « Threat Research Blog | FireEye Inc". Archived from the original on 2015-03-18. Retrieved 2016-03-18.
|This software article is a stub. You can help Wikipedia by expanding it.|
|This malware-related article is a stub. You can help Wikipedia by expanding it.|