Just yesterday, Akamai’s Security Intelligence Response Team announced that it’s discovered a new botnet that uses a 150 Gbps onslaught to bring servers and websites to their knees.
The Linux-based botnet spreads via a Trojan called XOR DDoS. It wriggles its way into Linux systems by attacking embedded devices, things like routers, and then gaining SSH (secure shell) access. Once it has achieved that, it can happily download a small piece of botnet software, turning the system into yet another node in the botnet that can do more of the same thing.
While the security team has known about the botnet for over a year, it has only recently been observed taking hold in the wild. It’s said to strike up to 20 times a day, largely being used to attack Asian gaming and education sites at the moment, and has been observed to throw an attack of up to 150 Gbps at servers. That is huge — easily enough to bring down most commercial servers.
It remains to be seen how widespread an impact XOR DDoS will have. But individuals — and companies — that run Linux systems may want to double down on security.