Security firm discovers Linux botnet that hits with 150 Gbps DDoS attacks
The most frequent target is the gaming sector, followed by educational institutions. Targeting Linux systems is becoming a more widespread phenomenon, and with more and more network and security devices being built with Linux at their core, the attack surface has increased manyfold.
Other recent examples of Linux-based malware include the Spike DDoS toolkit (which also targeted Windows devices) and the IptabLes and IptabLex malware.
Akamai provides details on removal and remediation of the threat here. About 90 percent of the targets are located in Asia.
XOR DDoS was first detected in September 2014 by the Malware Must Die team.
XOR DDoS takes hold by cracking weak passwords used to protect the command shell of Linux computers.
There are an increasing number of Linux vulnerabilities for malicious actors to target, such as the heap-based buffer overflow vulnerability found earlier in 2015 in the GNU C library.
The advisory noted that evidence suggests the malware is of Asian origin, but Choranov said that Akamai’s SIRT has not heard of anyone claiming responsibility for the DDoS attacks.
“Over the past year, the XOR DDoS botnet has grown and is now capable of being used to launch huge DDoS attacks”, said Stuart Scholly, senior vice president and general manager of the security business unit, Akamai.
The malware has launched a DDoS attack at 150 Gbps, far larger than the average DDoS attack seen today.
These attackers will keep evolving their methods to compromise Linux systems, so Akamai recommends that security specialists keep working on the hardening of their systems.
But the news isn’t all bad for organizations using Linux environments for their servers. The malware wriggles its way into Linux systems by attacking embedded devices, such as routers, and then gaining SSH (secure shell) access: the attackers guess the SSH log-in credentials through brute-force attacks. “However, XOR DDoS does not exploit a specific vulnerability”, the advisory said. Once the attackers have logged in, they use root privileges to run a script that downloads and executes a malicious binary file.
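As an added illustration of the entry path described above (not code from Akamai or the advisory), here is a small detector that flags an SSH password login accepted after a run of failed attempts from the same source address; the log lines, the threshold and the function name are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of OpenSSH auth-log lines (not real data). Many
# "Failed password" lines from one source followed by "Accepted password
# for root" is what the brute-force-then-login chain looks like on disk.
SAMPLE_LOG = """\
Sep 29 10:01:02 host sshd[2301]: Failed password for root from 203.0.113.7 port 40110 ssh2
Sep 29 10:01:04 host sshd[2303]: Failed password for root from 203.0.113.7 port 40111 ssh2
Sep 29 10:01:06 host sshd[2305]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Sep 29 10:01:08 host sshd[2307]: Failed password for root from 203.0.113.7 port 40113 ssh2
Sep 29 10:01:10 host sshd[2309]: Failed password for root from 203.0.113.7 port 40114 ssh2
Sep 29 10:01:12 host sshd[2311]: Accepted password for root from 203.0.113.7 port 40115 ssh2
Sep 29 10:05:00 host sshd[2400]: Failed password for alice from 198.51.100.9 port 50001 ssh2
Sep 29 10:05:03 host sshd[2402]: Accepted publickey for alice from 198.51.100.9 port 50002 ssh2
"""

# Matches both "Failed password for root from X" and
# "Failed password for invalid user admin from X" as well as Accepted lines.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def find_bruteforce_logins(log_text, threshold=5):
    """Return {source_ip: user} for every source whose successful *password*
    login came after at least `threshold` failed attempts from that source.
    Key-based logins are ignored: the chain described is password guessing."""
    failures = defaultdict(int)
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        src = m.group("src")
        if m.group("result") == "Failed":
            failures[src] += 1
        elif m.group("method") == "password" and failures[src] >= threshold:
            hits[src] = m.group("user")
    return hits

if __name__ == "__main__":
    for src, user in find_bruteforce_logins(SAMPLE_LOG).items():
        print(f"ALERT: {src} logged in as {user} after repeated failures")
```

A login flagged this way for root is the point at which the advisory says the download-and-execute script runs, so it is the natural trigger for pulling process and outbound-connection telemetry from that host.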