Warning: Undefined array key "HTTP_ACCEPT_LANGUAGE" in /home/u596154002/domains/usbusinessreviews.com/public_html/wp-includes/load.php on line 2057

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the rank-math domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u596154002/domains/usbusinessreviews.com/public_html/wp-includes/functions.php on line 6114
Microsoft: This botnet is growing fast and hunting for servers with weak passwords - Best Business Review Site 2024

Microsoft: This botnet is growing fast and hunting for servers with weak passwords

[ad_1]

Microsoft has seen a 254% increase in activity over the past few months from XorDDoS, a roughly eight-year-old network of infected Linux machines that is used for distributed denial of service (DDoS) attacks.  

XorDdos conducts automated password-guessing attacks across thousands of Linux servers to find matching admin credentials used on Secure Shell (SSH) servers. SSH is a secure network communications protocol commonly used for remote system administration.

Once credentials are gained, the botnet uses root privileges to install itself on a Linux device and uses XOR-based encryption to communicate with the attacker’s command and control infrastructure. 

SEE: Microsoft warns: This botnet has new tricks to target Linux and Windows systems

While DDoS attacks are a serious threat to system availability and are growing in size each year, Microsoft is worried about other capabilities of these botnets. 

“We found that devices first infected with XorDdos were later infected with additional malware such as the Tsunami backdoor, which further deploys the XMRig coin miner,” Microsoft notes

XorDDoS was one of the most active Linux-based malware families of 2021, according to Crowdstrike. The malware has thrived off the growth of Internet of Things (IoT) devices, which mostly run on variants of Linux, but it has also targeted misconfigured Docker clusters in the cloud. Other top malware families targeting IoT devices include Mirai and Mozi. 

Microsoft didn’t see XorDdos directly installing and distributing the Tsunami backdoor, but its researchers think XorDdos is used as a vector for follow-on malicious activities.

XorDdos can hide its activities from common detection techniques. In a recent campaign, Microsoft saw it overwriting sensitive files with a null byte. 

“Its evasion capabilities include obfuscating the malware’s activities, evading rule-based detection mechanisms and hash-based malicious file lookup, as well as using anti-forensic techniques to break process tree-based analysis. We observed in recent campaigns that XorDdos hides malicious activities from analysis by overwriting sensitive files with a null byte. It also includes various persistence mechanisms to support different Linux distributions,” Microsoft notes.    

The XorDdos payload Microsoft analyzed is a 32-bit Linux format ELF file with a modular binary written in C/C++. Microsoft notes XorDdos uses a daemon process that runs in the background, outside the control of users, and terminates when the system is shutdown. 

SEE: Just in time? Bosses are finally waking up to the cybersecurity threat

But the malware can automatically relaunch when a system is restarted thanks to several scripts and commands that cause it to automatically run when a system boots. 

XorDdoS can perform multiple DDoS attack techniques, including SYN flood attacks, DNS attacks, and ACK flood attacks. 

It collects characteristics about an infected device, including the magic string, OS release version, malware version, rootkit presence, memory stats, CPU information, and LAN speed, which are encrypted and then sent to the C2 server. 

[ad_2]

Source link

slot gacor slot gacor togel macau slot hoki bandar togel slot dana slot mahjong link slot link slot777 slot gampang maxwin slot hoki slot mahjong slot maxwin slot mpo slot777 slot toto slot toto situs toto toto slot situs toto situs toto situs toto situs toto slot88 toto slot slot gacor thailand slot bet receh situs toto situs toto slot toto slot situs toto situs toto situs toto situs togel macau toto slot slot demo slot pulsa slot pragmatic situs toto deposit dana 10k surga slot toto slot link situs toto situs toto slot situs toto situs toto slot777 slot gacor situs toto slot slot pulsa 10k toto togel situs toto slot situs toto slot gacor terpercaya slot dana slot gacor pay4d agen sbobet kedai168 kedai168 deposit pulsa situs toto slot pulsa situs toto slot pulsa situs toto situs toto situs toto slot dana toto slot situs toto slot pulsa toto slot situs toto slot pulsa situs toto situs toto situs toto toto slot toto slot slot toto akun pro maxwin situs toto slot gacor maxwin slot gacor maxwin situs toto slot slot depo 10k toto slot toto slot situs toto situs toto toto slot toto slot toto slot toto togel slot toto togel situs toto situs toto toto slot slot gacor slot gacor slot gacor situs toto situs toto cytotec toto slot situs toto situs toto toto slot situs toto situs toto slot gacor maxwin slot gacor maxwin link slot 10k slot gacor maxwin slot gacor slot pulsa situs slot 10k slot 10k toto slot toto slot situs toto situs toto situs toto bandar togel 4d toto slot toto slot situs toto toto slot