XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers

Trendmicro recently  detected variants of two existing Linux botnet malware types targeting exposed Docker servers; these are XORDDoS malware (detected by Trend Micro as Backdoor.Linux.XORDDOS.AE) and Kaiji DDoS malware (detected by Trend Micro as DDoS.Linux.KAIJI.A).
Having Docker servers as their target is a new development for both XORDDoS and Kaiji; XORDDoS was known for targeting Linux hosts on cloud systems, while recently discovered Kaiji was first reported to affect internet of things (IoT) devices. Attackers usually used botnets to perform brute-force attacks after scanning for open Secure Shell (SSH) and Telnet ports. Now, they also searched for Docker servers with exposed ports (2375). Port 2375, one of the two ports Docker API uses, is for unencrypted and unauthenticated communication.
There is, however, a notable difference between the two malware variants’ method of attack. While the XORDDoS attack infiltrated the Docker server to infect all the containers hosted on it, the Kaiji attack deploys its own container that will house its DDoS malware.
By at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

FortiManager Zero-Day Exploit: Fortinet Issues Urgent Security Warning

  Fortinet Issues Urgent Warning About Critical FortiManager Vulnerability (CVE-2024-47575) Fortinet has publicly disclosed a critical vulne...