Aces High Bulletin Board

General Forums => Hardware and Software => Topic started by: TequilaChaser on September 30, 2015, 07:16:32 AM

Title: Semi-New Linux botnet found - sends Trojan variant - XOR DDoS
Post by: TequilaChaser on September 30, 2015, 07:16:32 AM
reference link to report:

http://www.engadget.com/2015/09/29/linux-botnet-hits-with-150-gbps-ddos/

Quote
Akamai announced on Tuesday that its Security Intelligence Response Team has discovered a massive Linux-based botnet that's reportedly capable of downing websites under a torrent of DDoS traffic exceeding 150 Gbps. The botnet spreads via a Trojan variant dubbed XOR DDoS. This malware infects Linux systems via embedded devices like network routers then brute forces SSH access. Once the malware has Secure Shell credentials, it secretly downloads and installs the necessary botnet software, then connects the newly-infected computer to the rest of the hive.

more of the story at the above link ....

Hope this is helpful to those using Linux-based systems and also torrent downloading. Beware.

TC
Title: Re: Semi-New Linux botnet found - sends Trojan variant - XOR DDoS
Post by: 715 on September 30, 2015, 01:01:22 PM
Do you know if this is just for Linux servers (remote login) or also for Linux desktops (say Ubuntu)?  I tried the Akamai link but it requires registration.
Title: Re: Semi-New Linux botnet found - sends Trojan variant - XOR DDoS
Post by: TequilaChaser on October 02, 2015, 01:24:21 PM
My apologies for not getting back to your reply sooner, 715

The article says that once the malware has gotten in or been downloaded, it infects "Linux systems" and then forces its way to gaining access...

I am assuming that it can hit both Linux servers and desktops .... I'm just assuming, not totally for sure until I can read up on it some more....

TC
Title: Re: Semi-New Linux botnet found - sends Trojan variant - XOR DDoS
Post by: Puck on October 02, 2015, 03:06:39 PM
Couple of things:

A brute force SSH attack will take about 6.02E23 years if you use a good password.  It will take significantly longer if:
1. You haven't loaded sshd, which most desktops do not by default
2. You do not use a predictable login ID (such as root; logging in as root has been a bad idea for at least a decade)
3. You do not allow the internet at large access to your sshd daemon.  I personally know of zero *nix installs that do.

That's the good news.  The bad news is there are countless hardware devices that use some flavor of *nix, many of them do end up on public IPs, and their owners have zero clue that sshd is not only enabled, it's enabled with a default password.  If the OS is writable (many are not) you're not just low-hanging fruit, you're lying on the ground.
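The three points in the post above, turned into a config check, as an added example that is not from the thread or any of its posters. It assumes OpenSSH sshd_config keyword syntax; both sample configs are constructed for the demonstration and are not from a real host.

```shell
#!/bin/sh
# Added example, not from the thread: audit an OpenSSH sshd_config against the
# exposure points listed above (root as login ID, password guessing, sshd bound
# to every interface). Both sample configs below are constructed, not real.

# Effective value of a keyword: sshd honours the first occurrence, skips
# comment lines, and treats keywords and most values case-insensitively.
# Prints $3 when the keyword is absent. Simplification: Match blocks ignored.
sshd_opt() {
    val=$(grep -iE "^[[:space:]]*$2[[:space:]]+" "$1" | head -n1 | awk '{print tolower($2)}')
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '%s\n' "$3"; fi
}

# Prints one FINDING line per weak setting; always returns 0 (safe under set -e).
audit_sshd() {
    cfg=$1
    case "$(sshd_opt "$cfg" PermitRootLogin unset)" in
        no) ;;
        *) echo "FINDING: PermitRootLogin is not 'no' (root is a predictable login ID)" ;;
    esac
    case "$(sshd_opt "$cfg" PasswordAuthentication unset)" in
        no) ;;
        *) echo "FINDING: PasswordAuthentication is not 'no' (password guessing stays possible; use keys)" ;;
    esac
    # Unset, 0.0.0.0 or :: means sshd binds every interface, any public IP included.
    case "$(sshd_opt "$cfg" ListenAddress unset)" in
        unset|0.0.0.0*|::*|\[::\]*) echo "FINDING: ListenAddress binds all interfaces (restrict it or firewall port 22)" ;;
    esac
    return 0
}

# Constructed weak config, the shape a shipped appliance often carries.
SAMPLE_CFG=$(mktemp)
cat >"$SAMPLE_CFG" <<'EOF'
Port 22
#PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication yes
EOF
# Constructed hardened config: LAN-only bind, no root login, keys only.
HARDENED_CFG=$(mktemp)
cat >"$HARDENED_CFG" <<'EOF'
Port 22
ListenAddress 192.168.1.10
PermitRootLogin no
PasswordAuthentication no
EOF
echo "== weak sample ==";     audit_sshd "$SAMPLE_CFG"
echo "== hardened sample =="; audit_sshd "$HARDENED_CFG"
```

Whether sshd is running at all (point 1) is a question for the host itself, e.g. a listening-socket check, rather than for the config file.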
Title: Re: Semi-New Linux botnet found - sends Trojan variant - XOR DDoS
Post by: Vulcan on October 02, 2015, 07:22:39 PM
Does it make you wear checkered shorts and sandals, and grow a bird's nest of a beard?
Title: Re: Semi-New Linux botnet found - sends Trojan variant - XOR DDoS
Post by: Article_86 on October 04, 2015, 03:13:29 PM
Quote
Does it make you wear checkered shorts and sandals, and grow a bird's nest of a beard?

HEY!  I resemble that remark!  hehehe   - Art