The Security Intelligence Response Team of Akamai Technologies has discovered a Linux-based botnet powerful enough to launch distributed denial-of-service (DDoS) attacks at more than 150 Gbps, many times more than the infrastructure of a typical company can withstand.
The botnet is built on malware dubbed XOR DDoS, first discovered in September 2014 by the MalwareMustDie team, a white-hat security research group.
According to Akamai, the malware hijacks Linux machines to build a botnet that the attackers use to launch attacks. The attackers target Linux systems, including embedded devices, and guess their SSH login credentials through brute-force attacks, NewsFactor reported.
Once they have the credentials, the attackers log in to the vulnerable system and run shell commands to download and install the malware. The malware hides its presence using rootkit techniques, and the infected machine then joins the other compromised systems in launching DDoS attacks.
According to Computerworld, Akamai's team recently observed attacks originating from XOR DDoS that ranged from a few gigabits per second to well over 150 Gbps. The botnet is used to attack around 20 targets every day, 90 percent of which are located in Asia.
The attacks are aimed at companies operating in the online gaming industry, with educational institutions expected to be targeted next.
The malware behind this botnet specifically targets Linux-based systems, continuing the trend of breaching poorly protected Linux machines. Unmaintained routers are particularly vulnerable to these botnet attacks.
These Linux-based botnets are expected to keep evolving their methods for compromising Linux systems. System administrators have therefore been advised to protect themselves by using stronger passwords, making their systems less vulnerable to brute-force attacks. Keeping the Linux environment maintained and up to date is also said to protect systems from these attacks.
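The SSH brute-force stage described above is the point where a defender can see and stop this infection chain. The following added example, which is not code from the article, from Akamai or from MalwareMustDie, shows two of the checks an administrator would want: a detector that reads sshd authentication log lines and flags a source address that fails a threshold of logins within a short window (and, worse, then succeeds), and an audit of an sshd_config fragment that reports the weak settings a password-guessing botnet relies on beside a hardened equivalent. All log lines, addresses, user names and config fragments are constructed sample data; the thresholds, the assumed log year and the defaults assumed for absent directives are choices made here, not values from the article.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd log lines (not real data). The year is not in the
# syslog timestamp, so the parser assumes one (2015 here).
SAMPLE_AUTH_LOG = """\
Sep 29 10:00:01 host sshd[2001]: Failed password for root from 198.51.100.7 port 40001 ssh2
Sep 29 10:00:02 host sshd[2002]: Failed password for root from 198.51.100.7 port 40002 ssh2
Sep 29 10:00:03 host sshd[2003]: Failed password for invalid user admin from 198.51.100.7 port 40003 ssh2
Sep 29 10:00:04 host sshd[2004]: Failed password for root from 198.51.100.7 port 40004 ssh2
Sep 29 10:00:05 host sshd[2005]: Failed password for root from 198.51.100.7 port 40005 ssh2
Sep 29 10:00:06 host sshd[2006]: Failed password for root from 198.51.100.7 port 40006 ssh2
Sep 29 10:00:07 host sshd[2007]: Accepted password for root from 198.51.100.7 port 40007 ssh2
Sep 29 10:05:00 host sshd[2010]: Failed password for alice from 203.0.113.9 port 50001 ssh2
Sep 29 10:07:00 host sshd[2011]: Accepted publickey for alice from 203.0.113.9 port 50002 ssh2
"""

# Matches the standard OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <ip>" lines.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+ ssh2$"
)


def parse_line(line, year=2015):
    """Return a dict for one sshd auth line, or None if the line is not an auth result."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Flag source IPs with >= threshold failed logins inside a sliding window,
    and record any successful login from a source that was already flagged
    (a guessed password is the hand-off to the malware install stage)."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    recent_failures = defaultdict(list)   # ip -> timestamps inside the window
    flagged = {}                          # ip -> time the threshold was crossed
    logins_after_burst = []               # (ip, user, method) successes after a burst
    for e in sorted(events, key=lambda ev: ev["ts"]):
        ip = e["ip"]
        if e["result"] == "Failed":
            q = recent_failures[ip]
            q.append(e["ts"])
            # Drop failures that fell out of the window.
            while q and (e["ts"] - q[0]).total_seconds() > window_seconds:
                q.pop(0)
            if len(q) >= threshold and ip not in flagged:
                flagged[ip] = e["ts"]
        elif ip in flagged:
            logins_after_burst.append((ip, e["user"], e["method"]))
    return {"brute_force_sources": flagged, "logins_after_burst": logins_after_burst}


# Constructed sshd_config fragments: the weak settings beside a hardened equivalent.
WEAK_SSHD_CONFIG = """\
PermitRootLogin yes
PasswordAuthentication yes
MaxAuthTries 10
"""

HARDENED_SSHD_CONFIG = """\
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
"""


def audit_sshd_config(text):
    """Return a list of findings for settings that make password guessing easier.
    Defaults assumed for absent directives (yes / yes / 6) are this example's choice."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings[parts[0].lower()] = parts[1].strip().lower()
    findings = []
    if settings.get("permitrootlogin", "yes") == "yes":
        findings.append("PermitRootLogin yes: root is the account guessed first; set it to no")
    if settings.get("passwordauthentication", "yes") != "no":
        findings.append("PasswordAuthentication enabled: prefer key-based authentication")
    if int(settings.get("maxauthtries", "6")) > 4:
        findings.append("MaxAuthTries too high: fewer attempts per connection slow guessing")
    return findings


if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_AUTH_LOG))
    print(audit_sshd_config(WEAK_SSHD_CONFIG))
    print(audit_sshd_config(HARDENED_SSHD_CONFIG))
```

On the sample data the detector flags 198.51.100.7 after its fifth failure within the 60-second window and then reports the root password login that follows it, which is the event worth paging on; the single failure from 203.0.113.9 stays below the threshold. The config audit reports three findings for the weak fragment and none for the hardened one. Disabling password authentication removes the brute-force surface entirely, which is why it is listed alongside the stronger-passwords advice rather than instead of it.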