Xor DDoS
XOR DDoS is Trojan malware that hijacks Linux systems and uses them to launch DDoS attacks which have reached loads of 150+ Gbps.[1] In order to gain access it launches a brute force attack in order to discover the password to Secure Shell services on Linux.[2] Once Secure Shell credentials are acquired and login is successful, it uses root privileges to run a script that downloads and installs XOR DDoS.[3] It is believed to be of Asian origin based on its targets, which tend to be located in Asia. [4] Several things are noteworthy about XOR DDoS, such as that it is built exclusively for ARM and x86 systems and it appears to have been programmed in C/C++. [5]
See also
References
- ^ "XOR DDoS Botnet Launching 20 Attacks a Day From Compromised Linux Machines | Akamai". akamai.com. Retrieved 2016-03-18.
- ^ "New Botnet Hunts for Linux — Launching 20 DDoS Attacks/Day at 150Gbps". thehackernews.com. Retrieved 2016-03-18.
- ^ Reuters Editorial. "www.reuters.com/article/akamai-ddos-advisory-idUSnPn5TLPMJ+9f+PRN20150929". reuters.com. Retrieved 2016-03-18.
{{cite web}}:|author=has generic name (help) - ^ "Threat Advisory: XOR DDoS | DDoS mitigation, YARA, Snort". stateoftheinternet.com. Retrieved 2016-03-18.
- ^ "Anatomy of a Brute Force Campaign: The Story of Hee Thai Limited « Threat Research Blog | FireEye Inc". Archived from the original on 2015-03-18. Retrieved 2016-03-18.
{{cite web}}: Unknown parameter|dead-url=ignored (|url-status=suggested) (help)
 | This malware-related article is a stub. You can help Wikipedia by expanding it. |
| This malware-related article is a stub. You can help Wikipedia by expanding it. |