How to Detect and Mitigate XOR DDoS Botnet
Akamai's advisory outlines two methods for detecting the recent version of the XOR DDoS malware:
1. To detect the XOR DDoS botnet in your network, look for communications between a bot and its C&C server using the Snort rule given in the advisory.
2. To detect an XOR DDoS infection on your hosts, use the YARA rule also provided in the advisory.
Akamai also provides a four-step process for removing the XOR DDoS Trojan from an infected machine:
1. First, identify the malicious files in two directories (/boot and /etc/init.d).
2. Identify the supporting processes responsible for the persistence of the main process.
3. Kill the malicious processes.
4. Delete the malicious files (in /boot and /etc/init.d).
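The four removal steps above, as an added dry-run triage script that is not part of Akamai's advisory: it lists what it would kill and delete instead of acting, so an operator can review each target first. The prefix list used to recognise legitimate /boot files, the assumption that no genuine init.d script references a program under /boot, and the assumption that paths contain no whitespace are all this example's own, not facts from the advisory.

```sh
# Added triage helper; not part of Akamai's advisory. It walks the four removal
# steps in dry-run mode: nothing is killed or deleted, the commands are printed
# for review. Assumptions (mine, not the advisory's): legitimate /boot files
# start with one of the prefixes listed below, no legitimate init.d script
# references a program under /boot, and paths contain no whitespace.

# Step 1a: regular files in a /boot-style directory whose names do not look
# like kernel or bootloader artifacts (prefix list is an assumption; adjust it
# to your distribution).
list_unexpected_boot_files() {
    dir="$1"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "$(basename "$f")" in
            vmlinuz*|vmlinux*|initrd*|initramfs*|System.map*|config-*|grub*|efi*)
                ;;                       # expected artifact, skip
            *)
                printf '%s\n' "$f" ;;    # candidate for manual review
        esac
    done
}

# Step 1b: init scripts in an /etc/init.d-style directory that reference a
# program under /boot (assumption: none of the genuine ones do).
list_initd_referencing_boot() {
    dir="$1"
    grep -l '/boot/' "$dir"/* 2>/dev/null || true
}

# Step 2: PIDs whose running executable lives under the given directory, read
# from /proc/<pid>/exe. Run as root to see every process; other users' links
# are unreadable and are silently skipped.
list_processes_from_dir() {
    dir="$1"
    for exe in /proc/[0-9]*/exe; do
        target=$(readlink "$exe" 2>/dev/null) || continue
        case "$target" in
            "$dir"/*)
                pid=${exe#/proc/}
                printf '%s\n' "${pid%/exe}" ;;
        esac
    done
}

# Steps 3 and 4, as a plan: print the kill and rm commands instead of running
# them so an operator can confirm each target before acting.
plan_cleanup() {
    boot_dir="$1"
    initd_dir="$2"
    for pid in $(list_processes_from_dir "$boot_dir"); do
        printf 'kill -9 %s\n' "$pid"
    done
    for f in $(list_unexpected_boot_files "$boot_dir") $(list_initd_referencing_boot "$initd_dir"); do
        printf 'rm -f %s\n' "$f"
    done
}

# Usage on a live host (review the output, then run only the lines you agree with):
#   plan_cleanup /boot /etc/init.d
```

Printing the plan rather than executing it matters here because step 2 exists for a reason: if the supporting process is still running when the main one is killed, it can restore it, so the operator wants to see the whole set of PIDs and files together before touching any of them.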
Additionally, disabling root login over SSH (Secure Shell), or at least using a strong root password, will also defeat this issue.
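A way to verify the SSH hardening just mentioned, as an added example that is not from the advisory: the functions below read an sshd_config and report whether root login is disabled. PermitRootLogin is a genuine sshd_config keyword; the two sample configs (the weak setting beside the corrected one) are constructed for this demonstration.

```sh
# Added example, not from the advisory: check whether an sshd_config disables
# root login, the setting the text recommends. PermitRootLogin is a genuine
# sshd_config keyword; the two sample configs are constructed here for the
# demonstration. sshd honours the first occurrence of a keyword, so that is
# the one reported.

# Print the effective PermitRootLogin value (lower-cased), or nothing if unset.
effective_permit_root_login() {
    awk '$1 !~ /^#/ && tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1"
}

# Succeed only when root login is disabled outright, as the advisory suggests.
root_login_disabled() {
    if [ "$(effective_permit_root_login "$1")" = "no" ]; then
        return 0
    else
        return 1
    fi
}

# One-line verdict for a config file. "prohibit-password" (and its older
# spelling "without-password") still blocks password-based root logins, so it
# is reported as acceptable but weaker than "no".
assess_root_login() {
    val=$(effective_permit_root_login "$1")
    case "$val" in
        no)                                 echo "ok: root login disabled" ;;
        prohibit-password|without-password) echo "acceptable: root key-only" ;;
        "")                                 echo "weak: PermitRootLogin unset, sshd default applies" ;;
        *)                                  echo "weak: PermitRootLogin=$val" ;;
    esac
}

# Constructed sample configs: the weak setting beside the corrected one.
weak_cfg=$(mktemp)
printf '%s\n' 'Port 22' 'PermitRootLogin yes' 'PasswordAuthentication yes' > "$weak_cfg"

hardened_cfg=$(mktemp)
printf '%s\n' 'Port 22' '#PermitRootLogin yes' 'PermitRootLogin no' 'PasswordAuthentication yes' > "$hardened_cfg"

# On a live host, the effective configuration after defaults and Match blocks
# is shown by:  sshd -T | grep -i permitrootlogin
```

Checking the file is a quick audit; the authoritative answer on a running server comes from `sshd -T`, which prints the configuration sshd actually applies, including defaults for keywords the file never sets.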