According to Microsoft’s newest study, the Linux botnet virus XorDdos has seen a 254 percent increase in activity over the previous six months.
The malware has been active since at least 2014, and is notorious for carrying out denial-of-service assaults against Linux systems and using XOR-based encryption for communications with its command-and-control (C2) server.
“XorDdos’ modular structure offers attackers a flexible trojan capable of infecting a range of Linux system architectures,” the Microsoft 365 Defender Research Team’s Ratnesh Pandey, Yevgeny Kulakov, and Jonathan Bar Or said in an in-depth analysis of the malware.
“Its SSH brute-force attacks are a simple but efficient approach for getting root access to a variety of possible targets.”
Secure shell (SSH) brute-force assaults are used to take remote control over unprotected IoT and other internet-connected devices, allowing the malware to establish a botnet capable of launching distributed denial-of-service (DDoS) attacks.
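On the defensive side, the pattern described above (many failed SSH password attempts for root from one source, sometimes followed by a success) can be spotted in sshd logs. The following is an added example, not code from Microsoft's analysis; it assumes OpenSSH's usual syslog line format, and the sample log lines, threshold, time window and year are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd auth-log lines (documentation IP ranges), not from a real host.
SAMPLE_LOG = """\
May 20 03:14:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
May 20 03:14:03 host sshd[1002]: Failed password for root from 203.0.113.7 port 40002 ssh2
May 20 03:14:05 host sshd[1003]: Failed password for root from 203.0.113.7 port 40003 ssh2
May 20 03:14:07 host sshd[1004]: Failed password for root from 203.0.113.7 port 40004 ssh2
May 20 03:14:09 host sshd[1005]: Failed password for root from 203.0.113.7 port 40005 ssh2
May 20 03:14:11 host sshd[1006]: Accepted password for root from 203.0.113.7 port 40006 ssh2
May 20 03:20:00 host sshd[1010]: Failed password for root from 198.51.100.23 port 50001 ssh2
May 20 03:20:02 host sshd[1011]: Failed password for root from 198.51.100.23 port 50002 ssh2
May 20 09:00:00 host sshd[1020]: Accepted password for root from 192.0.2.10 port 60001 ssh2
"""

# Matches password-authentication results only; key-based logins are out of scope here.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=1), year=2022):
    """Return {ip: {"failures": n, "compromised": bool}} for source IPs that reach
    `threshold` failed root password logins inside `window` (syslog omits the year)."""
    failures = defaultdict(list)
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["user"] != "root":
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m["result"] == "Failed":
            # Keep only failures still inside the sliding window, then add this one.
            failures[ip] = [t for t in failures[ip] if ts - t <= window] + [ts]
            if len(failures[ip]) >= threshold:
                entry = findings.setdefault(ip, {"failures": 0, "compromised": False})
                entry["failures"] = max(entry["failures"], len(failures[ip]))
        elif ip in findings:
            # A success from an IP already flagged for guessing is the urgent case.
            findings[ip]["compromised"] = True
    return findings

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE_LOG))
```

A source flagged with `compromised` set to true is the case to triage first, since it indicates a root password was guessed rather than merely attempted.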