HomeWinBuzzer NewsMicrosoft Warns of Uptick in XorDDoS Attacks on Linux Servers

Microsoft Warns of Uptick in XorDDoS Attacks on Linux Servers

Microsoft says the XorDDoS botnet is conducts password-guessing attacks on Linux Servers and is becoming more popular.


is warning of a botnet that is becoming more popular and an increasing threat on . Specifically, the activity of XorDDoS has shot up 254% in recent months, putting Linux servers at risk from password-guessing attacks.

XorDDoS is not a new . It has been around for eight years and is a network of Linux machines that attackers use to deploy distributed denial of service (DDoS) threats.

This attack is known for automated password-guessing attacks on Linux servers. The goal is to locate matching admin credentials on Secure Shell (SSH) servers. If you are unfamiliar with SSH servers, they are a secure network communication protocol that remote systems use.

When the XorDDoS attack finds credentials, it uses privileges at the root to place itself on a Linux device. Once in, XOR encryption will relay the system to the attacker's own control system. Microsoft says the number of attacks is growing and botnet may have other concerning capabilities.

“We found that devices first infected with XorDdos were later infected with additional malware such as the Tsunami backdoor, which further deploys the XMRig coin miner,” Microsoft says

Microsoft points out that XorDDoS is good at hiding from common detection software.

“Its evasion capabilities include obfuscating the malware's activities, evading rule-based detection mechanisms and hash-based malicious file lookup, as well as using anti-forensic techniques to break process tree-based analysis. We observed in recent campaigns that XorDdos hides malicious activities from analysis by overwriting sensitive files with a null byte. It also includes various persistence mechanisms to support different Linux distributions,” Microsoft notes.    


Earlier this week, Microsoft described another botnet that is currently targeting Windows.

Microsoft is warning Windows customers about a new variant of Sysrv botnet that takes advantage of a flaw in the Spring Framework. By exploiting the vulnerability, the botnet installs cryptocurrency mining malware on Windows platforms, while also on Linux systems.

Tip of the day: Windows Update downloads can often be frustrating because they are several gigabytes in size and can slow down your internet connection. That means your device may work with reduced performance while the update is downloading. In our guide we show you how to limit bandwidth for Windows Update downloads, so they won't bother you again.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News