Microsoft: This botnet is growing fast and hunting for servers with weak passwords

Microsoft has seen a 254% increase in activity over the past few months from XorDDoS, a roughly eight-year-old network of infected Linux machines that is used for distributed denial of service (DDoS) attacks.  

XorDdos conducts automated password-guessing attacks across thousands of Linux servers to find matching admin credentials used on Secure Shell (SSH) servers. SSH is a secure network communications protocol commonly used for remote system administration.


Once credentials are gained, the botnet uses root privileges to install itself on a Linux device and uses XOR-based encryption to communicate with the attacker’s command and control infrastructure. 
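The two steps just described, a burst of SSH password guesses followed by a successful login with the guessed credentials, leave a recognisable trace in sshd logs, and the settings that make them possible are visible in sshd_config. The following script is an added example written for this article, not code from Microsoft or from the botnet analysis: it runs a sliding-window failure counter over constructed sshd log lines (the hostnames, addresses and timestamps are made up), reports any later successful login from a source that was flagged, and lists sshd_config directives left at the values that allow password-based root login. The threshold and window values are assumptions to tune per environment.

```python
"""Detect SSH password-guessing bursts and subsequent logins in sshd logs,
and flag sshd_config settings that leave password/root login exposed.
Added example; constructed sample data, not a real capture."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd log lines (syslog format); not taken from any real host.
SAMPLE_LOG = """\
May 18 10:00:01 web1 sshd[1201]: Failed password for root from 203.0.113.7 port 41122 ssh2
May 18 10:00:02 web1 sshd[1203]: Failed password for root from 203.0.113.7 port 41130 ssh2
May 18 10:00:03 web1 sshd[1205]: Failed password for invalid user admin from 203.0.113.7 port 41138 ssh2
May 18 10:00:04 web1 sshd[1207]: Failed password for root from 203.0.113.7 port 41146 ssh2
May 18 10:00:05 web1 sshd[1209]: Failed password for root from 203.0.113.7 port 41154 ssh2
May 18 10:00:09 web1 sshd[1230]: Accepted password for root from 203.0.113.7 port 41210 ssh2
May 18 10:03:00 web1 sshd[1250]: Failed password for bob from 192.0.2.44 port 55000 ssh2
May 18 10:05:00 web1 sshd[1300]: Accepted publickey for alice from 198.51.100.5 port 50000 ssh2
"""

# Matches the OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <ip> port <n>" lines.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_line(line):
    """Return a dict for an auth event line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    # syslog timestamps carry no year; strptime defaults to 1900, fine for deltas
    ev["ts"] = datetime.strptime(ev["ts"], "%b %d %H:%M:%S")
    return ev


def analyse(log_text, threshold=5, window_seconds=60):
    """Return (flagged_ips, logins_after_burst).

    An IP is flagged once it produces >= threshold password failures inside any
    window_seconds span. Any later Accepted login from a flagged IP is reported,
    since guess-then-login is the sequence the article attributes to XorDdos.
    """
    failures = defaultdict(list)  # ip -> timestamps of failures still in window
    flagged = set()
    suspicious_logins = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        ip = ev["ip"]
        if ev["result"] == "Failed" and ev["method"] == "password":
            stamps = failures[ip]
            stamps.append(ev["ts"])
            # drop failures that have fallen out of the sliding window
            while (stamps[-1] - stamps[0]).total_seconds() > window_seconds:
                stamps.pop(0)
            if len(stamps) >= threshold:
                flagged.add(ip)
        elif ev["result"] == "Accepted" and ip in flagged:
            suspicious_logins.append((ip, ev["user"], ev["method"]))
    return sorted(flagged), suspicious_logins


# sshd_config directives whose listed values permit exactly this kind of attack.
WEAK_SETTINGS = {
    "permitrootlogin": {"yes"},
    "passwordauthentication": {"yes"},
    "permitemptypasswords": {"yes"},
}


def weak_sshd_settings(config_text):
    """Return (directive, value) pairs from sshd_config text that match WEAK_SETTINGS."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key in WEAK_SETTINGS and value in WEAK_SETTINGS[key]:
            findings.append((parts[0], parts[1].strip()))
    return findings


# Constructed config fragments: the exposed setting beside the hardened one.
WEAK_CONFIG = "PermitRootLogin yes\nPasswordAuthentication yes\n"
HARDENED_CONFIG = "PermitRootLogin no\nPasswordAuthentication no\nPubkeyAuthentication yes\n"

if __name__ == "__main__":
    ips, logins = analyse(SAMPLE_LOG)
    print("password-guessing sources:", ips)
    print("logins from flagged sources:", logins)
    print("weak sshd settings:", weak_sshd_settings(WEAK_CONFIG))
```

On the sample, the single source that fails five times in four seconds is flagged and its later `Accepted password for root` is reported, while the lone failure from the second address and the key-based login are not. The config check is deliberately narrow: it reads only the three directives that bear on password guessing and root login, so it complements rather than replaces a full `sshd -T` review.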


While DDoS attacks are a serious threat to system availability and are growing in size each year, Microsoft is worried about other capabilities of these botnets. 

“We found that devices first infected with XorDdos were later infected with additional malware such as the Tsunami backdoor, which further deploys the XMRig coin miner,” Microsoft notes.

XorDDoS was one of the most active Linux-based malware families of 2021, according to Crowdstrike. The malware has thrived off the growth of
