Thread: Botnet preying on Linux computers delivers potent DDoS attacks

  1. #1
    #DeSantis2024 Teh One Who Knocks's Avatar

    Linux Botnet preying on Linux computers delivers potent DDoS attacks

    by Dan Goodin - ars technica


    Security researchers have uncovered a network of infected Linux computers that's flooding gaming and education sites with as much as 150 gigabytes per second of malicious traffic—enough in some cases to take the targets completely offline.

    The XOR DDoS or Xor.DDoS botnet, as the distributed denial-of-service network has been dubbed, targets as many as 20 sites each day, according to an advisory published Tuesday by content delivery network Akamai Technologies. About 90 percent of the targets are located in Asia. In some cases, the IP address of the participating bot is spoofed in a way that makes the compromised machines appear to be part of the network being targeted. That technique can make it harder for defenders to stop the attack.

    "In short: Xor.DDoS is a multi-platform, polymorphic malware for Linux OS and its ultimate goal is to DDoS other machines," a separate write-up on the botnet explained. "The name Xor.DDoS stems from the heavy usage of XOR encryption in both malware and network communication to the C&Cs (command and control servers)."

    XOR DDoS takes hold by cracking weak passwords used to protect the command shell of Linux computers. Once the attackers have logged in, they use root privileges to run a script that downloads and executes a malicious binary file. There's no evidence XOR DDoS infects computers by exploiting vulnerabilities in the Linux operating system itself.

    "Over the past year, the XOR DDoS botnet has grown and is now capable of being used to launch huge DDoS attacks," Stuart Scholly, senior vice president and general manager of Akamai's Security Business Unit, said in a statement. "XOR DDoS is an example of attackers switching focus and building botnets using compromised Linux systems to launch DDoS attacks. This happens much more frequently now than in the past, when Windows machines were the primary targets for DDoS malware."

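An added example, not part of the original post or the article it quotes: the infection route described above (guessed shell passwords followed by a root login) leaves a recognizable pattern in sshd logs, which this sketch looks for. The hostname, IP addresses and log lines are constructed, and `analyze_sshd_log` is a hypothetical helper name.

```python
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def analyze_sshd_log(log_text, min_failures=5):
    """Return (hits, guessing).

    hits: (ip, user, failures) for each password login accepted after at
          least min_failures failed attempts from the same source IP.
    guessing: sorted IPs with min_failures or more failures and no success.
    """
    failures = defaultdict(int)
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # key-based logins and unrelated lines are ignored
        ip = m.group("ip")
        if m.group("result") == "Failed":
            failures[ip] += 1
            continue
        if failures[ip] >= min_failures:
            hits.append((ip, m.group("user"), failures[ip]))
        failures[ip] = 0  # a successful login resets the streak
    guessing = sorted(ip for ip, n in failures.items() if n >= min_failures)
    return hits, guessing

def _line(sec, result, user, ip):
    # Builds one constructed log line in OpenSSH's syslog wording.
    return (f"Sep 29 03:11:{sec:02d} web1 sshd[2101]: {result} password "
            f"for {user} from {ip} port 40112 ssh2")

# Constructed sample (documentation-range IPs), not taken from a real host.
SAMPLE_LOG = "\n".join(
    [_line(s, "Failed", "root", "203.0.113.7") for s in range(6)]
    + [_line(6, "Accepted", "root", "203.0.113.7")]
    + [_line(s, "Failed", "invalid user admin", "198.51.100.23") for s in range(10, 17)]
    + [_line(20, "Failed", "alice", "192.0.2.10"),
       _line(21, "Accepted", "alice", "192.0.2.10"),
       "Sep 29 03:11:30 web1 sshd[2101]: Accepted publickey for deploy "
       "from 192.0.2.44 port 40112 ssh2"]
)

if __name__ == "__main__":
    print(analyze_sshd_log(SAMPLE_LOG))
```

A source that appears in `hits` with user `root` matches the route the article describes and the host should be examined for an unexpected downloaded binary; turning off password logins for root removes that route.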
  2. #2
    Dilly dilly Goofy's Avatar
    Windows ftw!

  4. #3
    Shelter Dweller PorkChopSandwiches's Avatar

  5. #4
    Take Box B DemonGeminiX's Avatar
    There are many ways to avoid this infection. Google the botnet's name and read the comments underneath the articles. When it comes to Linux problems, the gods of the OS always post solutions and suggestions in the comments.

    I think the biggest problems are with, or are going to be with, the ISP routers and servers where the admins aren't that well versed in Linux networking.


    Warning: The posts of this forum member may contain trigger language which may be considered offensive to some.

    Music was better when ugly people were allowed to make it.
