Xor DDoS

XOR DDoS is a Linux Trojan with rootkit capabilities that was used to launch large-scale DDoS attacks. Its name stems from its heavy use of XOR encryption, both in the malware itself and in its network communication with its command-and-control (C&C) servers. It is built for multiple Linux architectures, including ARM, x86 and x64. A noteworthy feature of XOR DDoS is its ability to hide itself with an embedded rootkit component, which is obtained through multiple installation steps. It was discovered in September 2014 by MalwareMustDie, a white hat malware research group. From November 2014 it was involved in a massive brute-force campaign that lasted at least three months. To gain access, it launches a brute-force attack to discover the password to Secure Shell (SSH) services on Linux. Once the Secure Shell credentials are acquired and the login succeeds, it uses root privileges to run a script that downloads and installs XOR DDoS. It is believed to be of Asian origin based on its targets, which tend to be located in Asia.
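
The infection chain described above (a burst of failed SSH password attempts followed by a successful root login) leaves a recognizable pattern in sshd logs. The following is an added example, not part of the original article, that flags that pattern; the log lines, hostname, IP addresses and the threshold of 5 are constructed assumptions, and it assumes OpenSSH's standard `Failed password` / `Accepted password` message format.

```python
import re
from collections import defaultdict

# OpenSSH auth-log message formats (password authentication only).
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted password for (\S+) from (\S+) port")

def find_bruteforce(log_text, threshold=5):
    """Return (noisy, compromised).

    noisy:       sorted source IPs with >= threshold failed password attempts.
    compromised: (ip, failures_so_far) for every root password login that
                 came from an IP already at or above the threshold.
    """
    failures = defaultdict(int)
    compromised = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED.search(line)
        if m and m.group(1) == "root" and failures[m.group(2)] >= threshold:
            compromised.append((m.group(2), failures[m.group(2)]))
    noisy = sorted(ip for ip, n in failures.items() if n >= threshold)
    return noisy, compromised

def _lines(msg, ip, n=1):
    # Helper that builds constructed sshd log lines for the sample below.
    return [f"Nov 12 03:14:{i:02d} web01 sshd[2101]: {msg} from {ip} port 40112 ssh2"
            for i in range(n)]

# Constructed sample log (documentation IP ranges, not real data).
SAMPLE_LOG = "\n".join(
    _lines("Failed password for root", "203.0.113.7", 6)       # burst, then success
    + _lines("Accepted password for root", "203.0.113.7")
    + _lines("Failed password for invalid user admin", "198.51.100.9", 5)  # burst only
    + _lines("Failed password for alice", "192.0.2.4")         # single typo
    + _lines("Accepted password for alice", "192.0.2.4")
)

if __name__ == "__main__":
    noisy, hits = find_bruteforce(SAMPLE_LOG)
    print("brute-force sources:", noisy)
    for ip, n in hits:
        print(f"root login from {ip} after {n} failed attempts: check host for compromise")
```

A host flagged this way should be treated as potentially infected, since the rootkit component can hide the malware from tools run on the host itself.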

