
XOR DDoS is Trojan malware that hijacks Windows or Macintosh systems and uses them to launch DDoS attacks, which have reached loads of 150+ Gbps. The trojan is designed to steal data by intercepting the system's network traffic and searching for banking usernames and passwords, credit card data, PayPal information, social security numbers, and other sensitive user data. It is a malicious program that cannot be removed by any antivirus product, such as Malwarebytes, Microsoft Security Essentials, Norton, McAfee, Webroot, Kaspersky, Sophos, Avast, etc. It enables cyber-criminals to spy on you, steal your sensitive data, and gain backdoor access to your system. These actions can include:

Deleting data, blocking data, modifying data, copying data, and disrupting the performance of computers or computer networks.

It should be removed with the help of Windows Security (if Windows is activated), because Windows Security blocks this virus from installing. To gain access, it launches a brute force attack to discover the password to Secure Shell services on Linux.[1] Once Secure Shell credentials are acquired and login is successful, it uses root privileges to run a script that downloads and installs XOR DDoS.[2] It is believed to be of Asian origin based on its targets, which tend to be located in Asia.[3] Several things are noteworthy about XOR DDoS, such as that it is built exclusively for ARM and x86 systems and that it appears to have been programmed in C/C++.[4]
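The access pattern described above (a run of failed Secure Shell password attempts followed by a successful login from the same source) can be detected in sshd authentication logs. The following is an added example, not part of the original article or its sources; the function name, the threshold and the log lines are constructed for illustration, and it assumes OpenSSH's standard "Failed password" / "Accepted password" syslog messages.

```python
import re
from collections import defaultdict

# OpenSSH sshd syslog messages for password authentication results.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted password for (\S+) from (\S+) port \d+")


def bruteforce_then_login(lines, threshold=5):
    """Return (source, user, prior_failures) for every accepted password
    login preceded by at least `threshold` failures from the same source."""
    failures = defaultdict(int)   # source address -> failures since last success
    hits = []
    for line in lines:
        m = FAILED.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            user, src = m.groups()
            if failures[src] >= threshold:
                hits.append((src, user, failures[src]))
            failures[src] = 0     # a success starts a new counting window
    return hits


# Constructed sample log (documentation-range addresses, hypothetical host).
SAMPLE_LOG = [
    f"Mar 18 03:12:{i:02d} web01 sshd[{2100 + i}]: Failed password for root "
    f"from 203.0.113.7 port {40000 + i} ssh2"
    for i in range(6)
] + [
    "Mar 18 03:12:07 web01 sshd[2107]: Accepted password for root "
    "from 203.0.113.7 port 40007 ssh2",
    # A single typo followed by a normal login must not be flagged.
    "Mar 18 09:30:11 web01 sshd[3001]: Failed password for alice "
    "from 198.51.100.4 port 51000 ssh2",
    "Mar 18 09:30:20 web01 sshd[3002]: Accepted password for alice "
    "from 198.51.100.4 port 51001 ssh2",
]

if __name__ == "__main__":
    for src, user, count in bruteforce_then_login(SAMPLE_LOG):
        print(f"ALERT: {user} login from {src} after {count} failed attempts")
```

A hit for the root account is the case that matches the article's description, since the installer script is run with root privileges after the successful login.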

See also


  1. ^ "New Botnet Hunts for Linux — Launching 20 DDoS Attacks/Day at 150Gbps". Retrieved 2016-03-18.
  2. ^ Reuters Editorial. "". Retrieved 2016-03-18.
  3. ^ "Threat Advisory: XOR DDoS | DDoS mitigation, YARA, Snort". Retrieved 2016-03-18.
  4. ^ "Anatomy of a Brute Force Campaign: The Story of Hee Thai Limited « Threat Research Blog | FireEye Inc". Archived from the original on 2015-03-18. Retrieved 2016-03-18.