مايكروسوفت تحذر من زيادة نشاط البرامج الضارة XorDdos

هيلجا سميثمايو 24, 2022آخر تحديث: مايو 24, 2022
60 دقيقة واحدة

وقد حذر خبراء مايكروسوفت من أن نشاط XorDdos, a modular malware used to hack Linux devices and create a DDoS botnet, has increased by 254% over the past six months.

This malware, also known as XOR.DDoS و XOR DDoS, has been active since 2014 and targets Linux systems. It got its name due to the use of XOR-based encryption, which is used when exchanging data with control servers, as well as because DDoS attacks that are carried out with its help.

Let me remind you that we also reported that The Appearance of Cheap DarkCrystal RAT Malware Worried Experts.

XorDdos is usually distributed by scanning open SSH and Telnet ports and subsequent brute force attacks. In order to spread to more devices, the malware uses a shell script that tries to log in as root, trying out different passwords for thousands of systems available on the Internet

نشاط البرامج الضارة XorDdos
XorDdos attack scheme

According to experts, the success of this botnet is explained mainly due to the use of various evasion tactics and methods of maintaining a stable presence, which allows XorDdos to remain invisible and difficult to remove.

Its capabilities include obfuscation, evasion of rules-based detection and hash-based malware detection mechanisms, and the use of various techniques to disrupt process of the tree-based analysis. While studying recent campaigns, we noticed that XorDdos hides malicious activity from analysis by overwriting sensitive files with a null byte.مايكروسوفت 365 Defender wrote.

The report also notes that in addition to launching DDoS attacks, operators use XorDDoS to install rootkits, maintain access to hacked devices, and likely to deliver additional payloads.

We found that devices originally infected with XorDdos were later infected with additional malware, such as the Tsunami backdoor, which additionally deployed the XMRig miner. Although we have not observed XorDdos directly installing and distributing secondary payloads such as Tsunami, it is possible that the Trojan is being used as a vector for subsequent attacks.يكتب الباحثون.
ومن المثير للاهتمام, the conclusions of Microsoft experts are consistent with the report of CrowdStrike, which also noted an increase in XorDDoS activity in particular and malware for Linux in general: in 2021, there was a 35% increase in such malware. Analysts generally concluded that XorDDoS, Mirai, و Mozi are the most common malware families, accounting for 22% of all attacks on Linux devices in 2021.
الوسوم
هيلجا سميثمايو 24, 2022آخر تحديث: مايو 24, 2022
60 دقيقة واحدة

هيلجا سميث

كنت دائمًا مهتمًا بعلوم الكمبيوتر, خاصة أمن البيانات والموضوع, وهو ما يسمى في الوقت الحاضر "علم البيانات", منذ سنوات مراهقتي المبكرة. قبل الانضمام إلى فريق Virus Removal كرئيس تحرير, عملت كخبير في الأمن السيبراني في العديد من الشركات, بما في ذلك أحد مقاولي أمازون. تجربة أخرى: لقد حصلت على التدريس في جامعات أردن وريدينج.

اترك رد

هذا الموقع يستخدم Akismet للحدّ من التعليقات المزعجة والغير مرغوبة. تعرّف على كيفية معالجة بيانات تعليقك.

زر الذهاب إلى الأعلى