XORDDoS Botnet

The XORDDoS Botnet is a recently identified botnet that appears to be very potent. Upon studying the XORDDoS Botnet, malware analysts found that it bears significant similarities to the notorious Kaiji Botnet. Despite the similarities, the XORDDoS Botnet and the Kaiji Botnet also have some important distinctions. The XORDDoS Botnet seeks new victims via poorly secured Docker servers. The end goal of the XORDDoS Botnet is to carry out large-scale DDoS (Distributed Denial of Service) attacks against Web servers using the hardware of the hijacked systems. DDoS attacks can be very threatening, as they are able to overload the target's servers and knock its whole network offline. This has happened even to giants like Netflix, Twitter, Facebook and Twitch.

So far, the XORDDoS Botnet is not very large. This seems to be because the operators of the XORDDoS Botnet are only looking for victims via vulnerable Docker servers, and they install the threat manually on every targeted system. Because the XORDDoS Botnet is still rather small, it is not likely to be very useful in a DDoS attack. However, if the operators of the XORDDoS Botnet expand their reach in the future, they will likely be fully capable of launching mass-scale DDoS attacks.

When the malware associated with the XORDDoS Botnet is installed on the targeted system, it begins collecting data about the host, such as active processes, memory, CPU and network connections. The botnet's payload then prepares the modules used for the DDoS attacks. The currently analyzed sample can execute DDoS attacks via SYN, DNS and ACK packets. Once this setup is complete, the operators of the XORDDoS Botnet are able to control the compromised system and instruct it to download additional modules or to launch a DDoS attack.
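The three flood types named above (SYN, DNS and ACK) are what a defender on the receiving side would look for in packet captures or flow logs. The following is an added example written for this page, not code from the write-up or from the malware, showing how such detection logic can be run over packet summaries: it parses simplified tcpdump-style one-line summaries (the format and all sample traffic are constructed here), classifies each packet as a bare SYN, a pure ACK or a DNS query, and raises one alert per source that exceeds a per-class rate threshold inside a sliding one-second window. The threshold of 20 packets per second is an arbitrary value chosen for the sample data, not a figure from the page.

```python
import re
from collections import defaultdict, deque

# Regex for the simplified tcpdump-style summary lines used in this example
# (constructed format): timestamp, "IP", src.port > dst.port, then the rest.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{6}) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$"
)
FLAGS_RE = re.compile(r"Flags \[(?P<flags>[^\]]*)\]")


def to_seconds(ts):
    """Convert HH:MM:SS.ffffff into seconds since midnight (float)."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def classify(rest, dport):
    """Map a packet summary to one of the flood classes named in the write-up."""
    m = FLAGS_RE.search(rest)
    if m:
        flags = m.group("flags")
        if "S" in flags and "." not in flags:
            return "SYN"        # bare SYN: connection attempt without an ACK bit
        if flags == ".":
            return "ACK"        # pure ACK, no SYN/FIN/RST/PSH set
        return "OTHER"          # SYN-ACK, FIN, RST, data segments, etc.
    if dport == 53 and "?" in rest:
        return "DNS"            # tcpdump prints queries as "12345+ A? name."
    return "OTHER"


def detect_floods(lines, threshold, window=1.0):
    """Return one alert per (source, class) whose packet count within `window`
    seconds exceeds `threshold`. Alerts are dicts with src, kind, count, at."""
    recent = defaultdict(deque)     # (src, kind) -> timestamps in the window
    alerted = set()
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                # not a packet summary we understand
        kind = classify(m.group("rest"), int(m.group("dport")))
        if kind == "OTHER":
            continue
        key = (m.group("src"), kind)
        t = to_seconds(m.group("ts"))
        q = recent[key]
        q.append(t)
        while q and t - q[0] > window:
            q.popleft()             # drop packets that fell out of the window
        if len(q) > threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"src": key[0], "kind": kind,
                           "count": len(q), "at": m.group("ts")})
    return alerts


def build_sample():
    """Constructed sample traffic: two floods plus one benign client."""
    lines = []
    # Constructed SYN flood: 30 bare SYNs to a web server within 0.3 seconds.
    for i in range(30):
        lines.append(f"12:00:00.{i * 10000:06d} IP 10.0.0.5.{40000 + i} > "
                     f"203.0.113.10.80: Flags [S], seq {i}, win 512, length 0")
    # Constructed DNS flood: 25 queries to a resolver within 0.25 seconds.
    for i in range(25):
        lines.append(f"12:00:01.{i * 10000:06d} IP 10.0.0.9.{50000 + i} > "
                     f"203.0.113.53.53: {1000 + i}+ A? example.com. (29)")
    # Constructed benign traffic: a normal handshake and a single DNS lookup.
    lines += [
        "12:00:02.000000 IP 10.0.0.7.51000 > 203.0.113.10.80: Flags [S], seq 100, win 65535, length 0",
        "12:00:02.020000 IP 203.0.113.10.80 > 10.0.0.7.51000: Flags [S.], seq 200, ack 101, win 65535, length 0",
        "12:00:02.021000 IP 10.0.0.7.51000 > 203.0.113.10.80: Flags [.], ack 201, win 65535, length 0",
        "12:00:02.500000 IP 10.0.0.7.53001 > 203.0.113.53.53: 4242+ A? example.org. (29)",
    ]
    return lines


if __name__ == "__main__":
    for a in detect_floods(build_sample(), threshold=20):
        print(f"{a['at']} {a['kind']} flood from {a['src']} ({a['count']} pkts/s)")
```

The per-class sliding window matters because a SYN flood and an ACK flood look very different in aggregate: counting all packets from a source would let a busy but legitimate client trip the alarm, while counting bare SYNs alone separates connection-attempt floods from established sessions. In production the same logic would read from a capture or flow export rather than the constructed list, and the threshold would be tuned against the baseline of the protected server.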

If you want to protect your system from being hijacked by the XORDDoS Botnet, you should consider using stronger login credentials and installing an up-to-date, reputable anti-malware solution.
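Since the page names poorly secured Docker servers as the way new victims are found, a practical complement to the advice above is to audit how the Docker daemon itself is exposed. The write-up does not say what "poorly secured" means in this case; the added example below (written for this page, not code from the write-up or from Docker) assumes the common misconfiguration of the daemon's remote API listening on TCP without TLS client verification. It checks a `daemon.json` document for that condition using Docker's real configuration keys (`hosts`, `tls`, `tlsverify`, `tlscacert`, `tlscert`, `tlskey`); the two sample configurations, the addresses and the certificate paths are constructed for the example.

```python
import json

# Constructed weak configuration: the remote API is reachable on every interface
# over plaintext TCP, so any client that can reach the port can control the daemon.
WEAK_DAEMON_JSON = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}
"""

# Constructed hardened configuration: TCP is bound to one management address and
# clients must present a certificate signed by the CA in tlscacert.
HARDENED_DAEMON_JSON = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}
"""


def audit_daemon_config(text):
    """Return a list of findings for a daemon.json document; empty means no issue found."""
    cfg = json.loads(text)
    findings = []
    hosts = cfg.get("hosts", [])
    tcp_hosts = [h for h in hosts if h.startswith("tcp://")]

    # A TCP listener without client certificate verification accepts any caller.
    if tcp_hosts and not cfg.get("tlsverify"):
        findings.append("tcp listener without tlsverify: remote API accepts unauthenticated clients")

    # tls=true alone only encrypts the channel; it does not authenticate the client.
    if cfg.get("tls") and not cfg.get("tlsverify"):
        findings.append("tls enabled but tlsverify off: channel is encrypted, clients are not authenticated")

    # Binding every interface widens exposure beyond the management network.
    for h in tcp_hosts:
        if "0.0.0.0" in h or "[::]" in h:
            findings.append(f"{h} binds all interfaces; restrict to a management address")

    # tlsverify is only effective if the certificate material is actually configured.
    if cfg.get("tlsverify"):
        for key in ("tlscacert", "tlscert", "tlskey"):
            if key not in cfg:
                findings.append(f"tlsverify set but {key} is missing")

    return findings


if __name__ == "__main__":
    for name, doc in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(name, audit_daemon_config(doc) or ["no findings"])
```

The check is deliberately narrow: it only reads the daemon's own configuration file, so it says nothing about listeners added through systemd unit overrides or command-line flags, which would have to be audited separately. Where the daemon is not managed remotely at all, the simplest hardening is to omit every `tcp://` entry and leave only the local Unix socket.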
