Linux XOR DDoS botnet is capable of bombarding victims with 179 Gbps data
Security experts have revealed that a Linux botnet using the XOR DDoS malware discovered last year has grown so powerful that it can bring virtually any victim's network to a grinding halt by bombarding it with up to 179 Gbps of data.
Believed to be of Asian origin, the botnet is known to target as many as 20 victims per day, 90 per cent of which are believed to be companies located in Asia. The security response team at Akamai Technologies has observed several such attacks recently, most of them aimed at online gaming companies and the education sector.
Unlike typical vulnerability-exploiting mechanisms, this botnet spreads by targeting Linux devices of all flavours – even embedded ones – and guessing their SSH root passwords by brute force. Researchers have found that once the root password is guessed, a bash script is run on the target device which downloads the Trojan and the other files it needs. The botnet is also said to use rootkit techniques to evade detection.
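Because the infection path described above starts with SSH root-password guessing rather than an exploit, the most useful defensive checks are on the SSH service itself: spotting a burst of failed root logins from one source that ends in a password-based success, and confirming that sshd does not accept password logins for root at all. The following Python script is an added example and is not code from the article or from Akamai; the log lines and sshd_config fragments are constructed, and the failure threshold of 5 is an arbitrary assumption.

```python
import re
from collections import defaultdict

# Constructed sample auth.log excerpt (not from the article): one source hammers
# root with passwords and finally gets in; a second source fails once for a normal user.
SAMPLE_AUTH_LOG = """\
Sep 29 10:01:02 host sshd[2101]: Failed password for root from 203.0.113.7 port 51022 ssh2
Sep 29 10:01:03 host sshd[2102]: Failed password for root from 203.0.113.7 port 51023 ssh2
Sep 29 10:01:04 host sshd[2103]: Failed password for root from 203.0.113.7 port 51024 ssh2
Sep 29 10:01:05 host sshd[2104]: Failed password for root from 203.0.113.7 port 51025 ssh2
Sep 29 10:01:06 host sshd[2105]: Failed password for root from 203.0.113.7 port 51026 ssh2
Sep 29 10:01:07 host sshd[2106]: Failed password for root from 203.0.113.7 port 51027 ssh2
Sep 29 10:01:09 host sshd[2110]: Accepted password for root from 203.0.113.7 port 51030 ssh2
Sep 29 10:02:00 host sshd[2120]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Sep 29 10:03:00 host sshd[2130]: Accepted publickey for alice from 192.0.2.10 port 40010 ssh2
"""

# Constructed sshd_config fragments: the weak configuration this botnet relies on,
# and the hardened equivalent.
WEAK_SSHD_CONFIG = "PermitRootLogin yes\nPasswordAuthentication yes\n"
HARDENED_SSHD_CONFIG = "PermitRootLogin no\nPasswordAuthentication no\nPubkeyAuthentication yes\n"

FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port")


def summarize(log_text):
    """Count failed password attempts per (source, user) and collect accepted logins."""
    failures = defaultdict(int)
    accepted = []  # (source, user, auth method)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            user, src = m.groups()
            failures[(src, user)] += 1
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            method, user, src = m.groups()
            accepted.append((src, user, method))
    return failures, accepted


def find_brute_force(log_text, threshold=5):
    """Flag sources with >= threshold failures against one account; note whether a
    password login from that source later succeeded for the same account."""
    failures, accepted = summarize(log_text)
    alerts = []
    for (src, user), count in failures.items():
        if count >= threshold:
            succeeded = any(a == (src, user, "password") for a in accepted)
            alerts.append({"src": src, "user": user, "failures": count,
                           "password_success_after": succeeded})
    return sorted(alerts, key=lambda a: a["src"])


def check_sshd_config(config_text):
    """Return a list of findings for settings that allow password guessing as root.
    A missing directive is treated as a finding, since older OpenSSH releases
    defaulted PermitRootLogin to yes (assumption: be conservative)."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings[parts[0].lower()] = parts[1].strip().lower()
    findings = []
    if settings.get("permitrootlogin", "yes") not in ("no", "prohibit-password"):
        findings.append("PermitRootLogin allows password login as root")
    if settings.get("passwordauthentication", "yes") != "no":
        findings.append("PasswordAuthentication is enabled")
    return findings


if __name__ == "__main__":
    for alert in find_brute_force(SAMPLE_AUTH_LOG):
        print("ALERT:", alert)
    print("weak config findings:", check_sshd_config(WEAK_SSHD_CONFIG))
    print("hardened config findings:", check_sshd_config(HARDENED_SSHD_CONFIG))
```

On the constructed log the script raises one alert, for 203.0.113.7 against root with six failures followed by a password success, which is exactly the pattern of the infection path the article describes; the single failure against alice stays below the threshold. The configuration check reports two findings for the weak fragment and none for the hardened one. A real deployment would read the live auth log and the real sshd_config, and would treat an alert with `password_success_after` set as an incident rather than a noise event.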
In an email to SCMagazine.com, Tsvetelin Choranov, security intelligence response engineer with Akamai’s SIRT, noted: “We don’t have a defined number of systems infected by this malware. Some of the source IPs that we are seeing actively producing malicious traffic have spoofing capabilities.”
The botnet brings to light a mechanism that is increasingly paying off for attackers. Targeting Linux systems is becoming more widespread, and with more and more network and security devices built on Linux, the attack surface has grown manyfold. Attackers have lately been compromising poorly configured Linux-based systems, in particular old and unmaintained routers, for use in DDoS attacks.
“A decade ago, Linux was seen as the more secure alternative to Windows environments, which suffered the lion’s share of attacks at the time, and companies increasingly adopted Linux as part of their security-hardening efforts,” the Akamai team said in an email to PCWorld. “As the number of Linux environments has grown, the potential opportunity and rewards for criminals have also grown. Attackers will continue to evolve their tactics and tools, and security professionals should continue to harden their Linux-based systems accordingly.”