Linux DDoS Trojan Has Obfuscating RootKit

January 8, 2015

Analysts have identified a Linux DDoS Trojan with a built-in rootkit that is suspected to be building an arsenal of zombie systems that could be leveraged for distributed denial of service attacks.

The XOR.DDoS malware is considered unique because it can alter its components after it detects which Linux environment the targeted system is running.

“The infection starts by an attempt to brute force SSH login credentials of the root user. If successful, attackers gain access to the compromised machine, then install the Trojan usually via a shell script,” wrote researcher Peter Kálnai.
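A defender-side check for the infection vector described in the quote above, as an added example that is not part of the original article: it scans sshd authentication log lines for repeated failed root password logins from one source and flags sources where a root login was later accepted. The log lines, the threshold of 3 and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH sshd syslog format (not from the article).
SAMPLE_LOG = """\
Jan  8 03:11:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan  8 03:11:03 web1 sshd[2103]: Failed password for root from 203.0.113.7 port 40118 ssh2
Jan  8 03:11:04 web1 sshd[2104]: Failed password for root from 198.51.100.23 port 51200 ssh2
Jan  8 03:11:05 web1 sshd[2105]: Failed password for root from 203.0.113.7 port 40125 ssh2
Jan  8 03:11:06 web1 sshd[2106]: Failed password for invalid user admin from 198.51.100.23 port 51204 ssh2
Jan  8 03:11:08 web1 sshd[2108]: Accepted password for root from 203.0.113.7 port 40131 ssh2
Jan  8 03:11:09 web1 sshd[2109]: Failed password for root from 198.51.100.23 port 51210 ssh2
Jan  8 03:11:11 web1 sshd[2111]: Failed password for root from 198.51.100.23 port 51215 ssh2
Jan  8 09:30:00 web1 sshd[3001]: Failed password for root from 192.0.2.10 port 60001 ssh2
Jan  8 09:30:12 web1 sshd[3002]: Accepted password for root from 192.0.2.10 port 60002 ssh2
"""

# Matches password authentication results; group 2 is the user, group 3 the source.
EVENT = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) "
    r"from (\S+) port \d+"
)

def root_bruteforce_findings(log_text, threshold=3):
    """Return {source_ip: status} for sources with >= threshold failed root logins.

    status is "compromised" when a root password login from that source was
    accepted after the failures, otherwise "attempted".
    """
    failures = defaultdict(int)
    findings = {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m or m.group(2) != "root":
            continue  # only root password logins are relevant to this vector
        outcome, _, ip = m.groups()
        if outcome == "Failed":
            failures[ip] += 1
            if failures[ip] >= threshold:
                findings.setdefault(ip, "attempted")
        elif failures[ip] >= threshold:
            findings[ip] = "compromised"  # success following a guessing run
    return findings

if __name__ == "__main__":
    for ip, status in root_bruteforce_findings(SAMPLE_LOG).items():
        print(ip, status)
```

A source marked "compromised" is where to look next for the follow-on shell script installation the quote mentions; a single mistyped password followed by a successful login stays below the threshold and is not flagged.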


