Botnet preying on Linux computers delivers potent DDoS attacks


6 replies to this topic

#1 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,371 posts
  • OFFLINE
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:03:56 AM

Posted 29 September 2015 - 07:15 AM

 

Security researchers have uncovered a network of infected Linux computers that's flooding gaming and education sites with as much as 150 gigabytes per second of malicious traffic—enough in some cases to take the targets completely offline.

The XOR DDoS or Xor.DDoS botnet, as the distributed denial-of-service network has been dubbed, targets as many as 20 sites each day, according to an advisory published Tuesday by content delivery network Akamai Technologies. About 90 percent of the targets are located in Asia. In some cases, the IP address of the participating bot is spoofed in a way that makes the compromised machines appear to be part of the network being targeted. That technique can make it harder for defenders to stop the attack.

"In short: Xor.DDoS is a multi-platform, polymorphic malware for Linux OS, and its ultimate goal is to DDoS other machines," a separate writeup on the botnet explained. "The name Xor.DDoS stems from the heavy usage of XOR encryption in both malware and network communication to the C&Cs (command and control servers)."

XOR DDoS takes hold by cracking weak passwords used to protect the command shell of Linux computers. Once the attackers have logged in, they use root privileges to run a script that downloads and executes a malicious binary file. There's no evidence XOR DDoS infects computers by exploiting vulnerabilities in the Linux operating system itself.

Botnet preying on Linux computers delivers potent DDoS attacks

 

 





#2 pcpunk

pcpunk

  • Members
  • 5,976 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:01:56 PM

Posted 29 September 2015 - 11:15 AM

Thanks Nick!



 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 


#3 mremski

mremski

  • Members
  • 495 posts
  • OFFLINE
  • Gender:Male
  • Location:NH
  • Local time:01:56 PM

Posted 29 September 2015 - 11:51 AM

Nick, anything on the attack vector? Nothing in the linked articles talked about it (unless I missed it) beyond the "cracking weak passwords".


FreeBSD since 3.3, only time I touch Windows is to fix my wife's computer


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:07:56 PM

Posted 30 September 2015 - 10:16 AM

Hi,

the article says it in a bit of a convoluted way: Basically the majority of affected machines are servers. The 'attack vector' is a brute force attack on the password of the root account of the machine with SSH.

If you are an end user, chances are you don't have a ssh server running and will not be affected.

regards
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+
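The brute-force vector myrti describes leaves a distinctive trail in the SSH daemon's log: a run of "Failed password for root" lines from one address, and, if the guess eventually lands, an "Accepted password for root" from that same address. The following shell script is an added example for this thread, not code from the Akamai advisory or the Xor.DDoS writeup; the log lines in it are constructed in the syslog format OpenSSH uses, the function names and the 5-attempt threshold are my choices, and it makes no attempt to identify the malware itself, only the way in.

```shell
#!/bin/sh
# Added example (not from the thread or the Akamai advisory): spot the SSH
# password brute force that Xor.DDoS uses as its way in, by reading
# OpenSSH's auth log lines. The sample log at the bottom is constructed.

# Print "ip count" for every source with at least THRESHOLD failed password
# attempts against root. Reads auth.log-style lines on stdin.
brute_force_sources() {
    threshold="${1:-5}"
    awk -v t="$threshold" '
        # OpenSSH logs: "sshd[PID]: Failed password for root from IP port N ssh2"
        /sshd\[[0-9]+\]: Failed password for root from / {
            for (i = 1; i <= NF; i++) if ($i == "from") { fails[$(i+1)]++; break }
        }
        END { for (ip in fails) if (fails[ip] >= t) print ip, fails[ip] }
    ' | sort
}

# Print each source that got "Accepted password for root" after at least one
# failure from the same address: the trail a successful brute force leaves.
# A key-based login ("Accepted publickey") is deliberately not matched.
likely_compromises() {
    awk '
        /sshd\[[0-9]+\]: Failed password for root from / {
            for (i = 1; i <= NF; i++) if ($i == "from") { failed[$(i+1)] = 1; break }
        }
        /sshd\[[0-9]+\]: Accepted password for root from / {
            for (i = 1; i <= NF; i++) if ($i == "from") {
                if ($(i+1) in failed) print $(i+1)
                break
            }
        }
    ' | sort -u
}

# Constructed sample log: one source guesses root's password five times and
# then gets in, a second source fails once, and a legitimate key login.
SAMPLE_AUTH_LOG='Sep 29 03:12:01 web1 sshd[2231]: Failed password for root from 203.0.113.5 port 51234 ssh2
Sep 29 03:12:03 web1 sshd[2231]: Failed password for root from 203.0.113.5 port 51235 ssh2
Sep 29 03:12:05 web1 sshd[2231]: Failed password for root from 203.0.113.5 port 51236 ssh2
Sep 29 03:12:07 web1 sshd[2231]: Failed password for root from 203.0.113.5 port 51237 ssh2
Sep 29 03:12:09 web1 sshd[2231]: Failed password for root from 203.0.113.5 port 51238 ssh2
Sep 29 03:12:11 web1 sshd[2231]: Accepted password for root from 203.0.113.5 port 51239 ssh2
Sep 29 03:20:44 web1 sshd[2290]: Failed password for root from 198.51.100.7 port 40001 ssh2
Sep 29 03:25:10 web1 sshd[2301]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2'

# Both checks run over the constructed sample. On a real host feed the
# functions "cat /var/log/auth.log" or "journalctl -u ssh" (or -u sshd) instead.
sample_brute_force_sources() {
    printf '%s\n' "$SAMPLE_AUTH_LOG" | brute_force_sources "$1"
}
sample_likely_compromises() {
    printf '%s\n' "$SAMPLE_AUTH_LOG" | likely_compromises
}

echo "sources with at least 5 failed root logins:"
sample_brute_force_sources 5          # prints "203.0.113.5 5"
echo "root password logins preceded by failures:"
sample_likely_compromises             # prints "203.0.113.5"
```

The second check is the one worth alerting on: a burst of failures is background noise on any Internet-facing SSH port, but a password-based root login that follows failures from the same address is exactly what the article describes happening before the dropper script runs.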


#5 DeimosChaos

DeimosChaos

  • BC Advisor
  • 1,420 posts
  • OFFLINE
  • Gender:Male
  • Location:United States, Delaware
  • Local time:01:56 PM

Posted 30 September 2015 - 10:20 AM

Hi,

the article says it in a bit of a convoluted way: Basically the majority of affected machines are servers. The 'attack vector' is a brute force attack on the password of the root account of the machine with SSH.

If you are an end user, chances are you don't have a ssh server running and will not be affected.

regards
myrti

 

If that is how it is getting infected, people should really learn their stuff. You should never allow someone to directly log in to root via SSH, and you should also disable password login and go with public/private key pairs, which is much more secure.


OS - Ubuntu 14.04/16.04 & Windows 10
Custom Desktop PC / Lenovo Y580 / Sager NP8258 / Dell XPS 13 (9350)
_____________________________________________________
Bachelor of Science in Computing Security from Drexel University
Security +
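
To make the advice in the post above checkable, here is an added shell example; it is not from the thread, the Akamai advisory or the Xor.DDoS writeup. It reads an sshd_config the way sshd does (the first value for a keyword wins, and global settings stop at the first Match block) and reports whether root login and password authentication are actually off. The two config snippets, the temp-file helper and the function names are constructed for the example; the defaults it assumes when a keyword is absent are OpenSSH's (PermitRootLogin prohibit-password since 7.0, PasswordAuthentication yes).

```shell
#!/bin/sh
# Added example (not from the thread): audit an sshd_config for the two
# settings the post recommends. sshd uses the FIRST value it reads for a
# keyword, so a hardened line appended below an existing "PermitRootLogin yes"
# changes nothing. The config snippets below are constructed.

# Effective global value of KEYWORD in FILE: first non-comment match wins, and
# parsing stops at the first Match block, as sshd does for global settings.
# Prints DEFAULT if the keyword is never set.
sshd_effective() {
    file="$1"; key="$2"; default="$3"
    val=$(awk -v k="$key" '
        tolower($1) == "match"       { exit }       # per-condition section starts
        tolower($1) == tolower(k)    { print $2; exit }
    ' "$file")
    printf '%s\n' "${val:-$default}"
}

# Exit 0 when FILE is hardened (no root login, no password auth), 1 otherwise,
# printing one "weak:" line per finding. Only "no" satisfies the post's advice;
# "prohibit-password" still allows root in with a key.
audit_sshd_config() {
    file="$1"; weak=0
    root=$(sshd_effective "$file" PermitRootLogin prohibit-password)
    pass=$(sshd_effective "$file" PasswordAuthentication yes)
    case "$root" in
        no) ;;
        *)  echo "weak: PermitRootLogin $root (want no)"; weak=1 ;;
    esac
    case "$pass" in
        no) ;;
        *)  echo "weak: PasswordAuthentication $pass (want no)"; weak=1 ;;
    esac
    return $weak
}

# Constructed: the weak configuration Xor.DDoS preys on, with a "fix" appended
# at the bottom that sshd ignores because the first value wins.
WEAK_SSHD_CONFIG='Port 22
PermitRootLogin yes
PasswordAuthentication yes
# added later, but too far down the file to take effect:
PermitRootLogin no
PasswordAuthentication no'

# Constructed: the hardened configuration the post recommends. The Match block
# at the end shows why the audit stops reading global values there.
HARDENED_SSHD_CONFIG='Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication no
Match Group sftponly
    ForceCommand internal-sftp'

# Write a snippet to a temp file, audit it, and return the audit status.
audit_snippet() {
    tmp=$(mktemp) || return 2
    printf '%s\n' "$1" > "$tmp"
    audit_sshd_config "$tmp"; status=$?
    rm -f "$tmp"
    return $status
}

echo "weak config:";     audit_snippet "$WEAK_SSHD_CONFIG"     || echo "=> FAIL"
echo "hardened config:"; audit_snippet "$HARDENED_SSHD_CONFIG" && echo "=> OK"
```

On a live host, point `audit_sshd_config` at /etc/ssh/sshd_config, or better, run `sshd -T` (which prints the daemon's effective configuration after parsing) and grep it for `permitrootlogin` and `passwordauthentication`; that is the authoritative check, and it also catches settings pulled in from included files that a single-file audit would miss.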


#6 mremski

mremski

  • Members
  • 495 posts
  • OFFLINE
  • Gender:Male
  • Location:NH
  • Local time:01:56 PM

Posted 30 September 2015 - 12:41 PM

Hi,

the article says it in a bit of a convoluted way: Basically the majority of affected machines are servers. The 'attack vector' is a brute force attack on the password of the root account of the machine with SSH.

If you are an end user, chances are you don't have a ssh server running and will not be affected.

regards
myrti

Thanks. That's what I was getting out of the articles; just wanted a second opinion. The fact that new virus/malware is in the wild is interesting, but the more interesting bit is the attack vector. Look at enough of those and you see patterns.


FreeBSD since 3.3, only time I touch Windows is to fix my wife's computer


#7 MadmanRB

MadmanRB

    Spoon!!!!


  • Members
  • 3,157 posts
  • ONLINE
  • Gender:Male
  • Location:No time for that when there is evil afoot!
  • Local time:01:56 PM

Posted 30 September 2015 - 01:57 PM

Hey rule of thumb says nothing is bulletproof.

Still, even with the occasional issue, Linux is still more secure than Windows.


You know you want me baby!

Proud Linux user and dual booter.

Proud Vivaldi user.

 





