In earlier days attackers developed bot programs for Windows only, since Windows systems were deployed on a large scale; now Linux users are increasing on a large scale as well, and recently a DDoS attack has been detected that originated from Linux bots.
Due to the increase in the number of Linux servers and desktops, attackers have started developing bot programs for Linux, and one of them has been used to launch a large-scale DDoS attack of about 179 Gbps.
A botnet is a collection of compromised systems; the bots are usually used to carry out malicious activity such as a DDoS (Distributed Denial of Service) attack, in which the attacker stays hidden while the attack is carried out.
The new Linux bot, the XOR botnet, targets Linux systems. The bot program resides on a machine such as a router, migrates from there, and carries out a brute force attack on SSH login credentials.
Once the SSH credentials have been compromised, the bot program has root privilege; it executes a simple script to download malicious files, and the system is compromised at root level.
Akamai's Security Intelligence Response Team (SIRT) has observed these DDoS attacks consuming bandwidth from a few Gbps up to 179 Gbps, which is more traffic than a corporate network can handle.
They have also provided the steps to detect and delete the XOR botnet files:
1. Identify the malicious files in two directories (/boot and /etc/init.d)
2. Identify the supporting processes responsible
3. Kill the malicious processes
4. Delete the malicious files in /boot and /etc/init.d
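As an added example (not part of the original post and not Akamai's tooling), the following bash script turns the first two steps into a read-only sweep an administrator can run before killing or deleting anything: it lists entries in /boot that fall outside an allow-list of what a stock install puts there, lists init scripts under /etc/init.d that reference a path under /boot, and maps any flagged /boot file to the PIDs currently running it via /proc/PID/exe. The allow-list of expected /boot names and the rule that no legitimate init script launches a binary out of /boot are heuristics assumed by this example, not indicators published in the post; the directory arguments exist so the functions can be pointed at copies or a mounted image.

```shell
#!/usr/bin/env bash
# Added defensive example for the XOR botnet post (not from the post or Akamai).
# Read-only sweep: nothing here kills a process or deletes a file.
# ASSUMPTION (heuristic of this example): a stock /boot only holds kernel,
# initramfs, System.map, config, memtest, abi files and the grub/efi/loader
# directories, and no legitimate init script launches anything from /boot.
set -u

BOOT_ALLOW='^(vmlinuz|initrd|initramfs|System\.map|config|grub|grub2|efi|EFI|loader|memtest|abi|lost\+found)'

# Print entries in a /boot-style directory whose names are outside the allow-list.
unexpected_boot_files() {
    local dir=$1 f base
    [ -d "$dir" ] || return 0
    for f in "$dir"/* "$dir"/.*; do        # include dot-files, which droppers like
        base=${f##*/}
        case $base in .|..) continue ;; esac
        [ -e "$f" ] || continue            # skip an unmatched glob pattern
        printf '%s\n' "$base" | grep -Eq "$BOOT_ALLOW" || printf '%s\n' "$f"
    done
}

# Print init scripts in the given directory that mention a path under /boot.
init_scripts_referencing_boot() {
    local dir=$1
    [ -d "$dir" ] || return 0
    grep -l '/boot/' "$dir"/* 2>/dev/null || true
}

# Print the PIDs (from a /proc-style root, default /proc) whose exe link
# resolves to the given file, so the process can be reviewed before step 3.
pids_running_file() {
    local target=$1 procroot=${2:-/proc} p exe
    for p in "$procroot"/[0-9]*; do
        exe=$(readlink "$p/exe" 2>/dev/null) || continue   # no permission / gone
        exe=${exe%" (deleted)"}            # kernel appends this if the binary was unlinked
        [ "$exe" = "$target" ] && printf '%s\n' "${p##*/}"
    done
    return 0
}

# Full sweep over the live system's /boot, /etc/init.d and /proc.
sweep() {
    echo "== entries in /boot outside the allow-list =="
    unexpected_boot_files /boot
    echo "== init scripts referencing /boot =="
    init_scripts_referencing_boot /etc/init.d
    echo "== processes whose executable is a flagged /boot file =="
    unexpected_boot_files /boot | while IFS= read -r f; do
        pids_running_file "$f" /proc | sed "s|^|$f pid |"
    done
}

# Run the live sweep only when invoked as: bash xor_sweep.sh --sweep
if [ "${1:-}" = "--sweep" ]; then sweep; fi
```

Run it as root with `--sweep` so every /proc/PID/exe link is readable; an entry flagged in /boot that is also named by an init script and has a live PID is the combination the post's steps 3 and 4 are aimed at, while a flagged name alone (a distribution-specific file the allow-list does not know) should be checked against the package manager before anything is removed.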
They also suggest disabling root login over secure shell to prevent further attacks.
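An added example (not from the post) showing how to check whether that sshd setting is actually in effect and how to apply it. It relies on two OpenSSH behaviours: the first occurrence of a directive in sshd_config wins, so a `PermitRootLogin no` appended below an earlier `PermitRootLogin yes` changes nothing, and when the directive is absent the built-in default is `prohibit-password` (OpenSSH 7.0 and later). The config path is passed as an argument so the functions can be tested on a copy.

```shell
#!/usr/bin/env bash
# Added example (not from the post): audit and correct PermitRootLogin.
# Assumes OpenSSH semantics: first occurrence of a directive wins, and the
# default when it is absent is prohibit-password (OpenSSH 7.0+).
set -u

# Print the effective PermitRootLogin value for the given sshd_config file.
effective_permit_root_login() {
    local file=$1 value
    value=$(grep -iE '^[[:space:]]*PermitRootLogin[[:space:]]+' "$file" 2>/dev/null \
            | head -n 1 | awk '{print tolower($2)}')
    printf '%s\n' "${value:-prohibit-password}"
}

# Succeed (exit 0) only if root login over SSH is disabled outright.
# prohibit-password still allows root with a key, so it does not count here.
root_login_disabled() {
    [ "$(effective_permit_root_login "$1")" = "no" ]
}

# Make "PermitRootLogin no" the first and only active occurrence. Existing
# occurrences are commented out rather than deleted so the change is auditable.
harden_permit_root_login() {
    local file=$1 tmp
    tmp=$(mktemp)
    {
        printf 'PermitRootLogin no\n'
        sed -E 's/^([[:space:]]*[Pp]ermit[Rr]oot[Ll]ogin[[:space:]])/# disabled by hardening script: \1/' "$file"
    } > "$tmp"
    cat "$tmp" > "$file"      # overwrite in place to keep the file's owner and mode
    rm -f "$tmp"
}

# Stand-alone use: bash harden_root_ssh.sh [/path/to/sshd_config]
if [ "${1:-}" != "" ]; then
    echo "effective PermitRootLogin: $(effective_permit_root_login "$1")"
    if root_login_disabled "$1"; then
        echo "root login already disabled"
    else
        harden_permit_root_login "$1"
        echo "rewritten; now: $(effective_permit_root_login "$1")"
    fi
fi
```

After rewriting the real /etc/ssh/sshd_config, validate it with `sshd -t` before reloading the service, and keep a non-root account with sudo and key-based authentication in place first, since disabling root login without one locks the administrator out of the same brute-force-exposed host.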
P.S.: This post is to create awareness and is not to be misused.