Research from Avast has been published detailing the operation of the XOR.DDoS trojan, designed to infect Linux systems. Will 2015 be the year of DDOS Extortion?
As the name suggests, the purpose of the trojan is to support a DDOS (Distributed Denial of Service) network. DDOS is still one of the most difficult attacks to defend against - by definition, the attack is perpetrated simultaneously from large numbers of devices including home and business users wherever the trojan has been deployed. This makes the standard countermeasure for DDOS - blocking/blacklisting associated IP addresses - extremely hard.
During the Christmas holidays we saw how devastatingly effective DDOS attacks can be - both Microsoft XBOX Live and Sony PlayStation servers were crippled by a prolonged DDOS attack from the Lizard Squad hacking group. The Lizard Squad have now claimed that these attacks were simply a 'marketing campaign' to demonstrate their capabilities, and that their DDOS service is now available for hire. DDOS attacks have been used to extort ransoms in the past, with Vimeo, Shutterstock, MailChimp and Bit.ly all being subject to DDOS coercion.
Defending against malware like the XOR.DDoS trojan requires a layered approach. The increased use of zero-day malware makes anti-virus systems less effective and therefore system hardening measures need to be used to stop or disrupt the deployment of the trojan and its rootkit. Real-time file integrity monitoring is also essential to at least detect breach activity if an infection succeeds, so allowing remediation work to take place before a more widespread infection took hold and inflicted damage.
Links to sources quoted are below: