Connecting to LinkedIn...

W1siziisijiwmtuvmdqvmtuvmdgvntqvmzgvnzi1l01ptlrbu0hfqkxpr19vtljftkrfukvex0lnqudfx3jlc2l6zwrfyw5kx3jlbmrlcmvklmpwzyjdlfsiccisinrodw1iiiwimtkymhgxmjuwiyjdxq

Blog

Massive DDoS Brute-Force Campaign Targets Linux Rootkits

9/02/2015 by Sharon Shahzad

W1siziisijiwmtuvmdivmdkvmtcvndgvndevnzizl2flmmyymjlixzu1ndrfndbiml9inzzjx2y1owninmyxm2nkzc5qcgcixsxbinailcj0ahvtyiisijywmhg0mdbcdtawm2uixv0

A brute force campaign looking to set up a distributed denial of service (DDoS) botnet using a rare Linux rootkit malware has been launched, emanating from the servers of a Hong Kong-based company called Hee Thai Limited.

The malware, known as XOR.DDoS, was first spotted in September by security research firmMalware Must Die. But security firm FireEye says that new variants have been making their way into the wild, as recently as Jan.20.

XOR.DDoS is installed on targeted systems via SSH (Secure Shell) brute-force attacks that target both servers and network devices. And these are being carried out using complex attack scripts to serve the malware through a sophisticated distribution scheme that allows the attackers to compile and deliver tailored rootkits on-demand, to infect x86 and mobile ARM systems alike. Once infected, the hosts are enlisted to launch DDoS attacks.

“While typical DDoS bots are straightforward in operation and often programmed in a high-level script such as PHP or Perl, the XOR.DDoS family is programming in C/C++ and incorporates multiple persistence mechanisms including a rare Linux rootkit,” FireEye researchers noted in an analysis.

What’s notable about the Hee Thai attack is the sheer scale of the operation. Within 24 hours of first sighting back in November, FireEye had observed well over 20,000 SSH login attempts, per server. By the end of January, each server had seen nearly 1 million login attempts.

During this time period, traffic from 103.41.124.0/24 accounted for 63% of all observed port 22 traffic.

“Someone with a lot of bandwidth and resources really wanted to get into our servers,” FireEye researcher noted.

They also said that the campaign has been evolving. At the beginning, each IP address would attempt more than 20,000 passwords before moving on. It then dropped to attempting a few thousand passwords before cycling to the next, and repeat attacks also began to occur. Now, a new stage of the Hee Thai campaign is more chaotic than the previous two.

“The attacks now occur en masse and at random, frequently with multiple IPs simultaneously targeting the same server,” FireEye explained.

The Hee Thai campaign also features an on-demand malware build system. Using a sophisticated set of build systems, the malware harvests kernel headers and version strings from victims to deliver customized malware that may be compiled on-demand to deliver XOR.DDoS to the target machine.

This article has been extracted from http://www.infosecurity-magazine.com, please click on this link to read the article in full http://www.infosecurity-magazine.com/news/massive-ddos-bruteforce-targets/

Montash is a multi-award winning global technology recruitment business. Specialising in permanent and contract positions across mid-senior appointments across a wide range of industry sectors and IT functions, including:

ERP Recruitment, BI & Data Recruitment, Information Security Recruitment, IT Architecture & Strategy Recruitment , Energy Technology Recruitment, Demand IT and Business Engagement Recruitment, Digital and E-commerce Recruitment, Leadership Talent, Infrastructure and Service Delivery Recruitment, Project and Programme Delivery Recruitment.

Montash is headquartered in Old Street, London, in the heart of the technology hub. Montash has completed assignments in over 30 countries and has appointed technical professionals from board level to senior and mid management in permanent and contract roles.

comments powered by Disqus

Social Stream

Latest News

W1siziisijiwmtcvmdevmtgvmdkvmtqvmzmvmzk5l0vsuc5qcgcixsxbinailcj0ahvtyiisijm4mhgxmdajil1d

Sage bolsters X3 business ERP solution

2017-01-18 09:00:00 +0000

Sage, one of the global leaders in enterprise resource planning (ERP) solutions, has revealed that it has signed up a trio of new clients to its X3 business solution. With the Salesforce.com partner wanting to be able to show its ability to host larger clients, the firm revealed that BrightBridge, Atlas Cloud and CLOUT are all now utilising the new and emerging X3 ERP platform. Sage Vice President of UK Enterprise David Watts talked about the latest agr...

W1siziisijiwmtcvmdevmtcvmtavmzcvmzevmjq2l0nsb3vkighlywx0agnhcmuuanbnil0swyjwiiwidgh1bwiilcizodb4mtawiyjdxq

Cloud computing making its mark in healthcare

2017-01-17 10:00:00 +0000

The cloud computing sector has grown quickly, and businesses in various sectors have been quick to take advantage of its many benefits to improve services. One such market is the healthcare industry, which has been able to improve diagnosing and enhance treatment methodologies as a result of new technologies over the past decade. Cloud technology is helping one area in particular – the healthcare of people living in remote locations who would not ordina...