How does the XOR DDoS botnet infect Linux systems?
A High-Bandwidth DDoS Attack
“Over the past year, the XOR DDoS botnet has grown and is now capable of being used to launch [massive] DDoS attacks,” Stuart Scholly, senior vice president of Akamai’s Security Business Unit, said in a statement.
How to Detect and Mitigate the XOR DDoS Botnet?
- To detect the XOR DDoS botnet on your network, look for communications between a bot and its C&C server using the Snort rule given in the advisory.
- To detect an XOR DDoS infection on your hosts, use the YARA rule also given in the advisory.
- To remove the infection from a host, first identify the malicious files in the two directories the bot uses (/boot and /etc/init.d).
- Identify the supporting processes that keep the main process persistent (they restart it if it is stopped).
- Kill the malicious processes, the supporting ones included, so that nothing is left to respawn the main process.
- Delete the malicious files (in /boot and /etc/init.d).
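The first host-side step above, locating the dropped files, as an added example that is not code from the advisory or the original article: a POSIX shell audit that lists executables in /boot that are not kernel artefacts and init scripts in /etc/init.d that start something from /boot. The list of expected /boot names is an assumed heuristic, and the fixture built by make_fixture is constructed data so the check can be run offline.

```shell
#!/bin/sh
# Added defender-side example (not the advisory's code): list the host traces the
# article describes, so the dropped binary and its init.d persistence hook can be
# reviewed before processes are killed and files deleted.
# Assumptions: the kernel-artefact name list is a heuristic; make_fixture builds
# constructed data (random-looking name gfhjklmnop) for an offline run.

# audit_xor_traces BOOT_DIR INITD_DIR
# Prints one line per finding: "boot-exec <path>" or "initd-ref <path>".
audit_xor_traces() {
    boot_dir=$1
    initd_dir=$2
    # 1. Executable regular files in /boot. Kernel images, initrds, System.map
    #    and config files belong there; any other executable is a candidate.
    for f in "$boot_dir"/*; do
        [ -f "$f" ] && [ -x "$f" ] || continue
        case "${f##*/}" in
            vmlinuz*|vmlinux*|initrd*|initramfs*|System.map*|config-*) continue ;;
        esac
        printf 'boot-exec %s\n' "$f"
    done
    # 2. Init scripts that reference a path under /boot outside comment lines:
    #    this is the persistence hook that pairs with the dropped binary.
    for s in "$initd_dir"/*; do
        [ -f "$s" ] || continue
        if grep -v '^[[:space:]]*#' "$s" | grep -q '/boot/'; then
            printf 'initd-ref %s\n' "$s"
        fi
    done
}

# make_fixture DIR: constructed layout mirroring an infected host, for testing.
make_fixture() {
    mkdir -p "$1/boot" "$1/etc/init.d"
    printf 'kernel\n' > "$1/boot/vmlinuz-5.10.0"; chmod 755 "$1/boot/vmlinuz-5.10.0"
    printf 'bot\n'    > "$1/boot/gfhjklmnop";      chmod 755 "$1/boot/gfhjklmnop"
    printf '#!/bin/sh\n/boot/gfhjklmnop &\n' > "$1/etc/init.d/gfhjklmnop"
    printf '#!/bin/sh\n# /boot is not touched here\nexit 0\n' > "$1/etc/init.d/ssh"
}

# Usage: sh audit.sh --demo  (constructed fixture)  |  sh audit.sh --live  (real dirs)
case "${1:-}" in
    --demo) d=$(mktemp -d); make_fixture "$d"; audit_xor_traces "$d/boot" "$d/etc/init.d"; rm -rf "$d" ;;
    --live) audit_xor_traces /boot /etc/init.d ;;
esac
```

Findings are candidates for review, not verdicts: confirm each file with the advisory's YARA rule before removing it.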