Home>Blog>The Hacker News Headlines>Microsoft Warns Rise in XorDdos Malware Targeting Linux Devices
The Hacker News Headlines

Microsoft Warns Rise in XorDdos Malware Targeting Linux Devices

XorDdos Malware Attack

A Linux botnet malware known as XorDdos has witnessed a
254% surge in activity over the last six months, according to
latest research from Microsoft.

The trojan, so named for carrying out denial-of-service attacks
on Linux systems and its use of XOR-based encryption for
communications with its command-and-control (C2) server, is
known[1]
to have been active[2]
since at least 2014.

“XorDdos’ modular nature provides attackers with a versatile
trojan capable of infecting a variety of Linux system
architectures,” Ratnesh Pandey, Yevgeny Kulakov, and Jonathan Bar
Or of the Microsoft 365 Defender Research Team said[3]
in an exhaustive deep-dive of the malware.

“Its SSH brute force attacks are a relatively simple yet
effective technique for gaining root access over a number of
potential targets.”

Remote control over vulnerable IoT and other internet-connected
devices is gained by means of secure shell (SSH) brute-force
attacks, enabling the malware to form a botnet capable of carrying
distributed denial-of-service (DDoS) attacks.

Besides being compiled for ARM, x86, and x64 architectures, the
malware is designed to support different Linux distributions, not
to mention come with features to siphon sensitive information,
install a rootkit, and act as a vector for follow-on
activities.

In recent years, XorDdos has targeted[4]
unprotected Docker servers with exposed ports (2375), using
victimized systems to overwhelm a target network or service with
fake traffic in order to render it inaccessible.

CyberSecurity

XorDdos has since emerged as the top Linux-targeted threat in
2021, according to a report[5]
from CrowdStrike published earlier this January.

“XorDdos uses evasion and persistence mechanisms that allow its
operations to remain robust and stealthy,” the researchers
noted.

“Its evasion capabilities include obfuscating the malware’s
activities, evading rule-based detection mechanisms and hash-based
malicious file lookup, as well as using anti-forensic techniques to
break process tree-based analysis.”

References

  1. ^
    known
    (thehackernews.com)
  2. ^
    active
    (blog.malwaremustdie.org)
  3. ^
    said
    (www.microsoft.com)
  4. ^
    targeted
    (thehackernews.com)
  5. ^
    report
    (thehackernews.com)

Read more

Leave a Reply

Powered By Anakyst UK Work done easy Discover Great Places People Websites in Nigeria. Be Discovered and Discover Great Places People Products & Websites in Nigeria. Tell us what you need to advertise online onradio ontv and where you want to advertise and discover talented publishers and advertisers within minutes for just a fraction of the cost!JobScout | Developed By Rara Theme. Powered by WordPress.