Linux-Based Botnet Hits Servers with Powerful DDoS Attacks

A nasty new Trojan is building botnets out of Linux machines to launch distributed denial of service (DDoS) attacks, according to security company Akamai Technologies. In the company's latest "State of the Internet" report, it released a threat advisory for the Trojan malware, dubbed XOR DDoS. Akamai assigned the threat a risk factor of "high."

The Trojan was first discovered last September by the Malware Must Die team, a white hat security working group. The malware works by hijacking Linux machines to construct a botnet the hackers can use to launch attacks, according to Akamai. Based on the command-and-control IP addresses used by the Trojan and source addresses of the attack payloads, Akamai has concluded that it originated somewhere in Asia, although it declined to be more specific.

Definitely Not Fun and Games

So far, XOR DDoS has primarily gone after targets in the gaming industry, with educational organizations also coming under attack. "The botnet has attacked up to 20 targets per day, 90 percent of which were in Asia," the company said in its threat advisory. "Akamai mitigated two DDoS attacks orchestrated by the XOR DDoS botnet on the weekend of August 22. One of the attacks measured nearly 50 Gbps, and the other was almost 100 Gbps."

XOR DDoS isn't the first Trojan to target Linux machines. The Spike DDoS toolkit was able to target both Windows and Linux machines, while the IptabLes and IptabLex malware applications specifically targeted Linux machines by exploiting vulnerabilities in Apache Struts, Tomcat and Elasticsearch. Meanwhile, a heap-based buffer overflow vulnerability in the GNU C library was discovered in Linux earlier this year.

This latest Trojan -- along with its predecessors -- points to a troubling new development for computer security: the increasing vulnerability of Linux systems to attack. The operating system was once considered to be a...
