Xor DDoS

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

XOR DDoS is Trojan malware that hijacks Linux systems and uses them to launch DDoS attacks which have reached loads of 150+ Gbps.[1] In order to gain access it launches a brute force attack in order to discover the password to Secure Shell services on Linux.[2] Once Secure Shell credentials are acquired and login is successful, it uses root privileges to run a script that downloads and installs XOR DDoS.[3] It is believed to be of Asian origin based on its targets, which tend to be located in Asia. [4] Several things are noteworthy about XOR DDoS, such as that it is built exclusively for ARM and x86 systems and it appears to have been programmed in C/C++. [5]

See also[edit]


  1. ^ "XOR DDoS Botnet Launching 20 Attacks a Day From Compromised Linux Machines | Akamai". akamai.com. Retrieved 2016-03-18.
  2. ^ "New Botnet Hunts for Linux — Launching 20 DDoS Attacks/Day at 150Gbps". thehackernews.com. Retrieved 2016-03-18.
  3. ^ Reuters Editorial. "www.reuters.com/article/akamai-ddos-advisory-idUSnPn5TLPMJ+9f+PRN20150929". reuters.com. Retrieved 2016-03-18.
  4. ^ "Threat Advisory: XOR DDoS | DDoS mitigation, YARA, Snort". stateoftheinternet.com. Retrieved 2016-03-18.
  5. ^ "Anatomy of a Brute Force Campaign: The Story of Hee Thai Limited « Threat Research Blog | FireEye Inc". Archived from the original on 2015-03-18. Retrieved 2016-03-18.