
XORDDoS Botnet

Posted: June 23, 2020

The XORDDoS Botnet is a Linux DDoS botnet that has recently been observed in a campaign alongside the infamous Kaiji Botnet family, with which it shares some similarities in targeting. Several of XORDDoS's features differ from Kaiji's, however, and the campaign pays special attention to vulnerable Docker servers when looking for victims. The botnet's purpose is to execute Distributed Denial-of-Service (DDoS) attacks: it harnesses the network and hardware resources of every infected host and directs them at a targeted Web server to overload it. DDoS attacks are exceptionally threatening because they are difficult to mitigate and can take large online services down for hours at a time. In recent years, services such as Twitch, Facebook, Twitter, and Netflix have been affected by some of the largest DDoS attacks in Internet history.

Thankfully, the XORDDoS Botnet's size is not particularly impressive yet, so its operators cannot do much with it; of course, this may change as soon as the botnet expands. The XORDDoS payload is installed on vulnerable systems manually by the attackers rather than by self-propagating code. They find targets by scanning the Internet for exposed Docker services, typically a Docker daemon whose remote API is reachable on TCP port 2375 without any authentication, which lets anyone who can reach the port create containers and run commands on the host.

Once running, the malware collects information about the host's CPU, memory, network connection and running processes. It then loads its attack modules; the payload supports DNS, ACK and SYN floods. Finally, the XORDDoS operator can command the infected hosts to carry out specific tasks, such as launching a DDoS attack against a target or downloading additional payloads.

Protecting networks from the XORDDoS Botnet comes down to keeping firmware and software up to date and never exposing a service with weak or missing authentication to the Internet. Strong login credentials matter because XORDDoS campaigns have long spread by brute-forcing SSH passwords. For Docker, the problem is usually not a weak password but a daemon API that is reachable remotely with no authentication at all: the remote API should stay disabled (the daemon listening only on its local Unix socket) and, where remote access is genuinely needed, be limited to TLS with client-certificate verification and firewalled to trusted addresses.
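As an added example that is not part of the original page, the following Python script performs, from the defender's side, the same check that a scan for exposed Docker services performs: it asks a host's Docker Engine API for /version with no credentials and reports the daemon as exposed if it answers with its version document. The fake daemon started by the script, its version values and the "closed port" negative case are constructed for the example; the JSON field names it looks for (ApiVersion, Version, Os) are the ones the real Engine API returns, and port 2375 is the Engine's standard plaintext API port.

```python
"""Check whether a Docker Engine API answers without authentication.

A daemon that returns its /version document to an anonymous GET on TCP 2375
can be used by anyone who reaches the port to create containers, which is
what the Docker-focused XORDDoS campaign relies on. A daemon bound only to
its Unix socket, or one requiring TLS client certificates on 2376, will not
answer this plain HTTP request.
"""
import http.client
import json
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

DOCKER_API_PORT = 2375  # plaintext Engine API; 2376 is the TLS port


def probe_docker_api(host, port=DOCKER_API_PORT, timeout=3.0):
    """Return an exposure record for an unauthenticated Docker API, else None."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/version")  # no credentials of any kind
        resp = conn.getresponse()
        body = resp.read()
    except (OSError, http.client.HTTPException):
        return None  # closed port, timeout, or not speaking HTTP
    finally:
        conn.close()
    if resp.status != 200:
        return None
    try:
        info = json.loads(body)
    except ValueError:
        return None  # some other web server, not the Engine API
    if "ApiVersion" not in info:
        return None
    return {
        "host": host,
        "port": port,
        "api_version": info.get("ApiVersion"),
        "engine_version": info.get("Version"),
        "os": info.get("Os"),
        "exposed": True,
    }


class _FakeDockerDaemon(BaseHTTPRequestHandler):
    """Constructed stand-in for an exposed daemon (not a real Docker Engine)."""

    def do_GET(self):
        if self.path != "/version":
            self.send_error(404)
            return
        body = json.dumps({"Version": "19.03.8", "ApiVersion": "1.40",
                           "Os": "linux", "Arch": "amd64"}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the example quiet


def start_fake_daemon():
    """Serve the constructed fake daemon on an ephemeral loopback port."""
    server = HTTPServer(("127.0.0.1", 0), _FakeDockerDaemon)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def closed_port():
    """Pick a loopback port nothing is listening on (negative case)."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo():
    """Probe the fake exposed daemon and a closed port; return both results."""
    server = start_fake_daemon()
    try:
        exposed = probe_docker_api("127.0.0.1", server.server_address[1])
        quiet = probe_docker_api("127.0.0.1", closed_port())
    finally:
        server.shutdown()
        server.server_close()
    return exposed, quiet


if __name__ == "__main__":
    found, nothing = demo()
    print("fake exposed daemon:", found)
    print("closed port:", nothing)
```

Run against a real host with `probe_docker_api("host.example", 2375)`; a non-None result means the daemon should be taken off the network or moved behind TLS client authentication before anything else is done.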
