Botnet Strengthens Attack Capabilities

Thursday, October 1, 2015 @ 06:10 PM gHale

A botnet has been upgraded to the point where it can launch distributed denial of service (DDoS) attacks of 150 gigabits per second (Gbps) or more.

The XOR DDoS Trojan first came to light a year ago. XOR DDoS differs from most DDoS botnets in that its malware is written in C/C++ and it uses a rootkit component for persistence, said researchers from Akamai Technologies.


Once installed on a system, XOR DDoS connects to its command and control (C&C) server, from which it gets a list of targets.

In addition to DDoS attacks, the botnet is also capable of downloading and executing arbitrary binaries, and it can replace itself with a newer variant by using a self-update feature.

Attacks from the XOR DDoS botnet ranged from low single-digit Gbps to more than 150 Gbps and hit up to 20 targets per day, 90 percent of them in Asia, Akamai researchers said.

The top target has been the gaming sector, followed by educational institutions, Akamai said. Two attacks observed by Akamai, carried out with SYN and DNS floods, reached nearly 179 Gbps and 109 Gbps.
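Akamai attributes the largest XOR DDoS attacks to SYN and DNS floods. The Python script below is an example added to this page; it is not part of the original article and not Akamai's tooling. It shows the shape these two floods take in flow records and flags them: a SYN flood appears as many bare-SYN packets from many sources that never complete the handshake (spoofed sources cannot ACK), and a DNS flood as many UDP/53 packets from many sources at one target. The record layout, the thresholds and the sample flows are assumptions constructed for illustration.

```python
"""Flag SYN-flood and DNS-flood traffic in a window of flow records.

Added example for this page; it is not Akamai's tooling and nothing here
comes from the XOR DDoS advisory. The record layout, the thresholds and
the sample flows are all assumptions made for illustration.
"""
from collections import defaultdict

# Thresholds are assumptions; tune them to the link being monitored.
SYN_MIN_PACKETS = 100     # bare-SYN packets at one target in the window
SYN_MIN_SOURCES = 50      # distinct sources behind them
SYN_MAX_COMPLETION = 0.1  # share of those sources that ever send an ACK
DNS_MIN_QUERIES = 100     # UDP/53 packets at one target in the window
DNS_MIN_SOURCES = 50


def parse_flow(line):
    """Parse one record: <ts> <src> <dst> <proto> <dport> <flags|-> <packets>.

    The format is assumed for this example (a minimal NetFlow-like line).
    """
    ts, src, dst, proto, dport, flags, pkts = line.split()
    return {
        "ts": float(ts), "src": src, "dst": dst, "proto": proto,
        "dport": int(dport),
        "flags": set() if flags == "-" else set(flags),
        "packets": int(pkts),
    }


def detect_floods(lines):
    """Return [(kind, target, detail)] for one window of flow records.

    A SYN flood shows as many bare-SYN packets from many sources that never
    complete the handshake (spoofed sources cannot ACK). A DNS flood shows
    as many UDP/53 packets from many sources aimed at one target.
    """
    syn_pkts, syn_srcs, ack_srcs = defaultdict(int), defaultdict(set), defaultdict(set)
    dns_pkts, dns_srcs = defaultdict(int), defaultdict(set)
    for line in lines:
        f = parse_flow(line)
        if f["proto"] == "TCP":
            if f["flags"] == {"S"}:
                syn_pkts[f["dst"]] += f["packets"]
                syn_srcs[f["dst"]].add(f["src"])
            elif "A" in f["flags"]:
                ack_srcs[f["dst"]].add(f["src"])
        elif f["proto"] == "UDP" and f["dport"] == 53:
            dns_pkts[f["dst"]] += f["packets"]
            dns_srcs[f["dst"]].add(f["src"])

    findings = []
    for dst, pkts in syn_pkts.items():
        srcs = syn_srcs[dst]
        completion = len(srcs & ack_srcs[dst]) / len(srcs)
        if (pkts >= SYN_MIN_PACKETS and len(srcs) >= SYN_MIN_SOURCES
                and completion <= SYN_MAX_COMPLETION):
            findings.append(("syn_flood", dst,
                             {"packets": pkts, "sources": len(srcs),
                              "handshake_completion": completion}))
    for dst, pkts in dns_pkts.items():
        if pkts >= DNS_MIN_QUERIES and len(dns_srcs[dst]) >= DNS_MIN_SOURCES:
            findings.append(("dns_flood", dst,
                             {"packets": pkts, "sources": len(dns_srcs[dst])}))
    return findings


def build_sample_flows():
    """Constructed one-second window: two floods plus benign traffic.

    Addresses are from the RFC 5737 documentation ranges.
    """
    flows = []
    # 120 spoofed sources each send one bare SYN at 203.0.113.10:80 and never ACK.
    for i in range(1, 121):
        flows.append(f"0.{i:03d} 198.51.100.{i} 203.0.113.10 TCP 80 S 1")
    # Five real clients complete a handshake with 203.0.113.20:443.
    for i in range(1, 6):
        flows.append(f"0.5{i}0 192.0.2.{i} 203.0.113.20 TCP 443 S 1")
        flows.append(f"0.5{i}5 192.0.2.{i} 203.0.113.20 TCP 443 A 3")
    # 80 sources send two UDP/53 packets each at the resolver 203.0.113.30.
    for i in range(1, 81):
        flows.append(f"0.{i:03d} 198.51.100.{i} 203.0.113.30 UDP 53 - 2")
    # Three ordinary DNS lookups against 203.0.113.40.
    for i in range(1, 4):
        flows.append(f"0.7{i}0 192.0.2.{i} 203.0.113.40 UDP 53 - 1")
    return flows


if __name__ == "__main__":
    for kind, target, detail in detect_floods(build_sample_flows()):
        print(kind, target, detail)
```

The handshake-completion check is what separates a SYN flood from a legitimate burst of new connections: real clients follow their SYN with an ACK, spoofed ones cannot. The thresholds are per window, so a caller should feed the detector one time slice of flows at a time and tune the constants to the normal rate of the link.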
