Wednesday 14 October 2015

Crippling Linux Botnet Strikes Gaming, Education Sites


Botnet
Botnet Plundering Linux Computers – Attack Powerful


The IT world has recently revealed that a botnet has been plundering the Linux computers and the attacks seem to be quite powerful. Several of the targets seem to be in Asia and the security experts are making efforts in tracking them and the botnet appears to be of Asian origin.

A network of Linux computers seems to be flooding gaming as well as education sites with about 150 gigabits per second of malicious traffic, according to Dan Goodin of Ars Technica, which in some cases is adequate to knock the targets offline.

This is a DDoS – distributed denial-of-service network and the discoveries are from Akamai Technologies. The Security Intelligence Response Team – SIRT, at Akamai reflected the botnet XOR DDoS as `High Risk’ in an advisory posted recently.

 It is said that the XOR DDoS botnet had developed and now has the potential of mega DDoS attacks at 150 plus Gbps and are utilising a Trojan malware in hijacking the Linus system. The first access was obtained by brute force attacks in order to discover the password to Secure Shell services on a Linux machine. When the Login has been attained, the attackers used root privileges in order to run a Bash shell script, thereby downloading and executing the nasty binary

SIRT Tracking XOR DDoS – Trojan Malware


Akamai’s Security Intelligence Response Team has been tracking XOR DDoS, which is a Trojan malware that DDoS attackers seemed to have used in hijacking Linux machines in building a botnet for distributed denial of service attack campaigns with DNS and SYN floods.

Some of the key points observed by Akamai were that the gaming sector had been the main target, which was followed by educational institutions. The botnet seemed to attack around 20 targets each day, 90% of which were from Asia.

The malware tends to spread through Secure Shell – SSH services vulnerable to brute force attacks owing to weak passwords. This could turn from bad to worse. The team at Akamai expect the XOR DDoS activity would continue since attackers refine and improve their methods, inclusive of a more diverse selection of DDoS types of attack.

Advisory Describing DDoS Mitigation/Malware Removal Information Available


As per the Akamai team, the IP address of the bot seems at times hoaxed though not always. The botnet attacks noticed that in the DDoS campaigns against Akamai consumers were a mixture of hoaxed and non-hoaxed attack traffic. According to Lucian Constantin of IDC News Service recently stated that this power to generate crippling attacks at more than 150 Gbps represent several time greater than a usual company’s organization could endure.

 In the meanwhile an advisory describing this threat inclusive of DDoS mitigation payload analysis as well as malware removal information is made available for download from Akamai. Eliminating the XOR DDoS malware seems to have a four step procedure wherein most of the scripts are provided in the advisory.

Senior vice president and general manager of Akamai, Stuart Scholly has said that XOR DDoS is an example of attackers switching focus and developing botnets utilising compromised Linux systems to launch DDoS outbreaks. This occurs more frequently now than earlier, when Windows machines were the main targets for DDoS malware.

No comments:

Post a Comment

Note: only a member of this blog may post a comment.