A network of compromised Linux servers has grown so powerful that it can blow large websites off the Internet by launching crippling Distributed Denial-of-service (DDoS) attacks of over 150 gigabits per second (Gbps).

The distributed denial-of-service network, dubbed XOR DDoS Botnet, targets over 20 websites per day, according to an advisory published by content delivery firm Akamai Technologies.

Over 90 percent of the XOR DDoS targets are located in Asia, and the most frequent targets are the gaming sector and educational institutions.

XOR creator is supposed to be from China, citing the fact that the IP addresses of all Command and Control (C&C) servers of XOR are located in Asia, where most of the infected Linux machines also reside.

How XOR DDoS Botnet infects Linux System?

Unlike other DDoS botnets, the XOR DDoS botnet infects Linux machines via embedded devices such as network routers and then brute forces a machine's SSH service to gain root access to targeted machines.

Once the attackers have acquired Secure Shell credentials and logged in, they use root privileges to run a simple shell script that secretly downloads and installs the malicious XOR botnet software.

However, there is no such evidence that XOR DDoS infects computers by exploiting flaws in the Linux operating system itself.