A New Botnet Hits Servers With 150 Gbps DDoS Attacks
Just yesterday, Akamai’s Security Intelligence Response Team announced that it’s discovered a new botnet that uses a 150 Gbps onslaught to bring servers and websites to their knees.
The Linux-based botnet spreads aboard a Trojan that’s called XOR DDoS. It wriggles its way into Linux systems by attacking embedded devices — things like routers — and then gains SSH (secure shell) access. Once it’s achieved that, it can happily download a small piece of botnet hardware, turning the system into yet another node in the botnet that can happily do the same thing.
While the security team has known about the botnet for over a year, it has only recently been observed taking hold in the wild. It’s said to strike up to 20 times a day, largely being used to attack Asian gaming and education sites at the moment, and has been observed to throw attack of up to 150 Gbps at servers. That is huge – easily enough to bring down most commercial servers.
It remains to be seen how widespread an impact XOR DDoS will have. But individuals — and companies — that run Linux systems may want to double down on security.