On 10/13/2015 07:56 AM, Mike Noyes wrote:
> Don't blame Linux for the XOR botnet
> http://www.infoworld.com/article/2990956/linux/dont-blame-linux-for-the-xor-botnet.html
>
> Paul Venezia writes: In the context of the XOR botnet, we're talking about poorly designed embedded Linux systems that not only lack basic protections against brute-force login attacks, but don't even enforce sensible password policies. This has more to do with unconscionably bad vendor practices than any other factor.
How to detect and remove XOR DDoS malware
https://www.akamai.com/us/en/about/news/press/2015-press/xor-ddos-botnet-attacking-linux-machines.jsp

The presence of XOR DDoS can be detected in two ways. To detect this botnet in a network, look for communications between a bot and its C2 using a Snort rule provided in the advisory. To detect infection of this malware on a Linux host, the advisory includes a YARA rule that pattern matches strings observed in the binary.

XOR DDoS is persistent – it runs processes that will reinstall the malicious files if they are deleted. Therefore removing the XOR DDoS malware is a four-step process for which several scripts are provided in the advisory:

1. Identify the malicious files in two directories.
2. Identify the processes that promote persistence of the main process.
3. Kill the malicious processes.
4. Delete the malicious files.

-- 
Mike Noyes
http://sourceforge.net/users/mhnoyes
https://google.com/+MikeNoyes

------------------------------------------------------------------------------
_______________________________________________
leaf-devel mailing list
leaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-devel