Microsoft警告XorDdos惡意軟件活動增加
Microsoft專家警告說,XorDdos嘅活動, a modular malware used to hack Linux devices and create a DDoS botnet, has increased by 254% over the past six months.
This malware, also known as XOR.DDoS 和 XOR DDoS, has been active since 2014 and targets Linux systems. It got its name due to the use of XOR-based encryption, which is used when exchanging data with control servers, as well as because DDoS attacks that are carried out with its help.
Let me remind you that we also reported that The Appearance of Cheap DarkCrystal RAT Malware Worried Experts.
XorDdos is usually distributed by scanning open SSH and Telnet ports and subsequent brute force attacks. In order to spread to more devices, the malware uses a shell script that tries to log in as root, trying out different passwords for thousands of systems available on the Internet
XorDdos attack scheme
According to experts, the success of this botnet is explained mainly due to the use of various evasion tactics and methods of maintaining a stable presence, which allows XorDdos to remain invisible and difficult to remove.
The report also notes that in addition to launching DDoS attacks, operators use XorDDoS to install rootkits, maintain access to hacked devices, and likely to deliver additional payloads.