The XORDDoS Botnet is a newly discovered botnet that appears to share similarities with the infamous Kaiji Botnet family. However, some of the features seen in XORDDoS are different, and it also appears to pay special attention to vulnerable Docker servers when looking for victims. The purpose of the botnet is to execute Distributed Denial-of-Service (DDoS) attacks by harvesting the network and hardware resources of all infected hosts and using them to overload a targeted Web server. DDoS attacks are exceptionally threatening because mitigating them is very difficult, and they are capable of taking down large online services for hours at a time. In recent years, services like Twitch, Facebook, Twitter, and Netflix have been the target of the largest DDoS attacks in Internet history.
Thankfully, the size of the XORDDoS Botnet is not that impressive, which means that its operators will be unable to do much with it. Of course, this might change as soon as the botnet expands. The payload of the XORDDoS Botnet is installed on vulnerable systems manually; the attackers are likely to find them by scanning the Internet for exposed Docker services.
Once running, the malware collects information regarding the computer's CPU, memory, network connection and running processes. It then loads the modules that can be used for DDoS attacks: the payload supports DNS, ACK and SYN floods. Finally, the XORDDoS Botnet operator can command the infected hosts to begin executing specific tasks such as initiating a DDoS attack or downloading additional payloads.
Protecting networks from the XORDDoS Botnet can be done by using up-to-date firmware and software, as well as strong login credentials. The latter is essential if you rely on Internet-connected services like Docker: you need to use a strong password, since cybercriminals often rely on brute-force attacks to gain unauthorized access to systems.