Compromised Linux Servers Fall into Massive Botnet
The security firm Akamai is reporting on a giant botnet populated by Linux servers that is capable of delivering a distributed denial-of-service attack of up to a whopping 179Gbps. The attack uses SYN and DNS traffic to snuff out victim web servers. So far, the victims have been mostly in Asia, and many are companies concentrated in the gaming sector.
At the core of the attack is a malware trojan known as XOR DDoS. The attackers typically infiltrate the system by brute-forcing SSH access. A really strong password is the best defense against the initial entry.
This attack underscores an increasing tendency for attackers to focus on Linux. This trend probably does not reflect reduced security of Linux systems but could be a response to the fact that Windows security has improved in recent years. The average Windows system is not the low-hanging fruit it once was, which has forced attackers to spread out their search for targets. The trend might also reflect overconfidence of the Linux community in assuming their systems are immune from attack. (These people already knew they were supposed to use strong passwords for SSH, right?)
Akamai provides a full report on the attack for users who are willing to provide contact information.