XOR DDoS botnet is using Linux-based computers to flood websites

Security researchers at Akamai have uncovered Trojan malware being used to hijack Linux-based computer systems and build botnets to carry out distributed denial-of-service (DDoS) attacks.

The Akamai Security Intelligence Response Team said in an XOR DDoS threat advisory [PDF] that it is tracking a piece of malware that can be used to flood websites with up to 150Gbps of web traffic.

DDoS attacks are commonly used by attackers to take down a website by directing an overwhelming amount of web traffic towards its servers.

A botnet, on the other hand, is a number of infected computers that are used to direct this traffic to a target destination, very often without the owners being aware of the activity.

The XOR DDoS campaign has attacked up to 20 targets a day, 90 percent of them in Asia. The Akamai research also found evidence that the botnet’s main targets are the gaming and education sectors.

XOR DDoS was first detected in September 2014 by the Malware Must Die team. The malware spreads via secure shell services that are open to brute force attacks owing to weak passwords.

“Once log-in credentials have been acquired, the attackers use root privileges to run a Bash shell script that downloads and executes the malicious binary,” the researchers said.
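The infection path described above (password guessing against an exposed SSH service, then a successful root login) leaves a recognisable trace in the sshd authentication log: a burst of "Failed password" lines from one source followed by an "Accepted password" line from the same source. The detector below is an added example, not code from Akamai or from the advisory. The log lines are constructed, the source addresses are documentation-range placeholders, and the threshold (five failures within sixty seconds) and the assumed year for the syslog timestamps are choices made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample auth.log excerpt (not taken from the advisory): a
# password-guessing burst from one address ending in a root login, plus
# ordinary activity from a second address.
SAMPLE_AUTH_LOG = """\
Sep 29 10:01:02 host sshd[2101]: Failed password for root from 198.51.100.7 port 50120 ssh2
Sep 29 10:01:03 host sshd[2102]: Failed password for root from 198.51.100.7 port 50121 ssh2
Sep 29 10:01:04 host sshd[2103]: Failed password for invalid user admin from 198.51.100.7 port 50122 ssh2
Sep 29 10:01:05 host sshd[2104]: Failed password for root from 198.51.100.7 port 50123 ssh2
Sep 29 10:01:06 host sshd[2105]: Failed password for root from 198.51.100.7 port 50124 ssh2
Sep 29 10:01:07 host sshd[2106]: Accepted password for root from 198.51.100.7 port 50125 ssh2
Sep 29 10:05:00 host sshd[2200]: Accepted publickey for alice from 203.0.113.5 port 40000 ssh2
Sep 29 10:06:00 host sshd[2201]: Failed password for alice from 203.0.113.5 port 40001 ssh2
"""

# Matches the OpenSSH "Accepted/Failed <method> for [invalid user] <user> from <ip>" lines.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_auth_log(text, year=2015):
    """Parse sshd login events. Syslog lines carry no year, so one is assumed."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an sshd login event; ignore
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "result": m["result"], "method": m["method"],
                       "user": m["user"], "ip": m["ip"]})
    return events


def find_brute_force(events, threshold=5, window_s=60):
    """Return one finding per source IP that produced `threshold` or more
    failed logins inside a `window_s`-second window. The finding is escalated
    to 'credential_compromise' when the same IP is then accepted while its
    failure burst is still inside the window."""
    recent = defaultdict(list)  # ip -> [(epoch_seconds, user)] failures still in window
    findings = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        ip, now = ev["ip"], ev["ts"].timestamp()
        fails = [(t, u) for t, u in recent[ip] if t >= now - window_s]
        recent[ip] = fails  # drop failures that fell out of the window
        if ev["result"] == "Failed":
            fails.append((now, ev["user"]))
            if len(fails) >= threshold:
                f = findings.setdefault(ip, {"ip": ip, "severity": "brute_force",
                                             "max_failures": 0, "users_tried": set(),
                                             "accepted": None})
                f["max_failures"] = max(f["max_failures"], len(fails))
                f["users_tried"].update(u for _, u in fails)
        elif ip in findings and len(fails) >= threshold:
            # A successful login right after a guessing burst: treat the
            # account as compromised, not merely attacked.
            f = findings[ip]
            f["severity"] = "credential_compromise"
            f["accepted"] = {"user": ev["user"], "method": ev["method"],
                             "ts": ev["ts"].isoformat()}
    return list(findings.values())


if __name__ == "__main__":
    for finding in find_brute_force(parse_auth_log(SAMPLE_AUTH_LOG)):
        print(finding)
```

On the sample above the detector reports one finding: 198.51.100.7 tried the users root and admin five times in a row and was then accepted as root by password, so it is classed as a credential compromise rather than a bare brute-force attempt. The second address never crosses the threshold and is not reported. Public-key logins are matched as well so that a burst of failures followed by a key-based login is not misread as a password compromise; the method is recorded in the finding.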

Akamai noted that Linux systems are becoming more popular with hackers and cyber criminals.

“There are an increasing number of Linux vulnerabilities for malicious actors to target, such as the heap-based buffer overflow vulnerability found earlier this year in the GNU C library. However, XOR DDoS does not exploit a specific vulnerability,” the advisory said.

“XOR DDoS malware is part of a wider trend of which companies must be aware: attackers are targeting poorly configured and unmaintained Linux systems for use in botnets and DDoS campaigns.”

Linux users are being advised to update their systems, as the emerging trend indicates that cyber criminals are becoming more attuned to the software’s vulnerabilities.

“A decade ago, Linux was seen as the more secure alternative to Windows environments, which suffered the lion’s share of attacks at the time, and companies increasingly adopted Linux as part of their security hardening efforts,” the report stated.

“As the number of Linux environments has grown, the potential opportunity and rewards for criminals have also grown. Attackers will continue to evolve their tactics and tools, and security professionals should continue to harden their Linux-based systems accordingly.”
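Because the advisory says the malware exploits no specific vulnerability and instead relies on weak SSH passwords, the hardening that matters most here is the sshd configuration itself. The audit below is an added example, not part of the Akamai advisory or of OpenSSH. It compares a permissive sshd_config against a hardened one and flags the directives that leave password guessing open. Both configuration texts are constructed; the defaults assumed for missing directives (PermitRootLogin treated as yes, as in OpenSSH releases before 7.0, PasswordAuthentication yes, PubkeyAuthentication yes, MaxAuthTries 6) and the chosen limit of three attempts are assumptions of the example, and directives inside a Match block are deliberately skipped because they apply conditionally.

```python
import re

# Constructed example of a permissive configuration: root may log in with a
# password and password authentication is on for every account.
WEAK_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
MaxAuthTries 6
"""

# Constructed hardened counterpart: keys only, no root password login,
# fewer guesses per connection.
HARDENED_SSHD_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
"""

# (directive, assumed default when absent, acceptance test, explanation)
CHECKS = [
    ("PermitRootLogin", "yes",
     lambda v: v in ("no", "prohibit-password", "without-password"),
     "root may log in with a password, so a guessed root password gives full control"),
    ("PasswordAuthentication", "yes",
     lambda v: v == "no",
     "password logins are accepted, leaving sshd exposed to password guessing"),
    ("PubkeyAuthentication", "yes",
     lambda v: v == "yes",
     "public-key authentication is disabled, so passwords cannot be turned off"),
    ("MaxAuthTries", "6",
     lambda v: v.isdigit() and int(v) <= 3,
     "more than three authentication attempts are allowed per connection"),
]


def parse_sshd_config(text):
    """Return {directive_lower: value} for the global section of an
    sshd_config. Comments and blank lines are ignored; parsing stops at the
    first Match block because its directives are conditional."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        settings.setdefault(key, value)  # sshd honours the first occurrence
    return settings


def audit_sshd_config(text):
    """Run CHECKS against the global settings and return the failing ones."""
    settings = parse_sshd_config(text)
    findings = []
    for directive, default, ok, reason in CHECKS:
        key = directive.lower()
        value = settings.get(key, default)
        if not ok(value.lower()):
            findings.append({"directive": directive, "value": value,
                             "explicit": key in settings, "reason": reason})
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        print(name, audit_sshd_config(cfg) or "no findings")
```

Against the weak configuration the audit reports PermitRootLogin, PasswordAuthentication and MaxAuthTries; the hardened one produces no findings. The first-occurrence rule matters in practice: a hardened directive placed after a permissive one is ignored by sshd, and the parser reproduces that behaviour rather than hiding it.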

Meanwhile, a Kaspersky Lab security report found that botnet-assisted DDoS attacks have targeted victims in 79 countries across the world. The longest was earlier this year and lasted 205 hours.

More recently, it was revealed that up to 650,000 smartphones in China were used to disrupt a web server in a DDoS campaign that resulted in over 4.5 billion hits on the target server, peaking at 275,000 HTTP requests per second.

30 September 2015 | 2:25 pm – Source: v3.co.uk
