Security News > 2020 > June > XORDDoS, Kaiji DDoS Botnets Target Docker Servers
The distributed denial-of-service botnets named XORDDoS and Kaiji recently started targeting exposed Docker servers, Trend Micro warned on Monday.
Trend Micro has recently spotted variants that also target Docker servers.
The main difference between how XORDDoS and Kaiji target Docker servers is that the former infects all existing containers on the server, while the latter deploys the malware in its own container.
Once it has compromised a Docker server, XORDDoS runs a series of commands to identify containers and infect them with the malware that helps threat actors launch DDoS attacks, including SYN, ACK and DNS attacks.
Trend Micro researchers have also found a link between XORDDoS and a DDoS botnet tracked as AESDDoS and Dofloo, which has been known to target Docker.
News URL
Related news
- Ebury botnet malware infected 400,000 Linux servers since 2009 (source)
- Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years (source)
- Ebury botnet compromises 400,000+ Linux servers (source)
- Researchers Warn of CatDDoS Botnet and DNSBomb DDoS Attack Technique (source)
- Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks (source)
- P2PInfect botnet targets REdis servers with new ransomware module (source)