hachyderm.io is one of the many independent Mastodon servers you can use to participate in the fediverse.
Hachyderm is a safe space, LGBTQIA+ and BLM, primarily comprised of tech industry professionals worldwide. Note that many non-user account types have restrictions - please see our About page.


#ddos


New XorDDoS Malware Allows Attackers to Create Sophisticated DDoS Bot Network

Hundreds of people have signed a petition calling for the removal of the names of two people from a list of Pembrokeshire-based Pupils, who are also known as the PPPs.

Pulse ID: 6802f9594194962b1a050c5f
Pulse Link: otx.alienvault.com/pulse/6802f
Pulse Author: cryptocti
Created: 2025-04-19 01:16:09

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat Exchange: Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

From 14 to 17 April NoName057(16) group paid by the Russian 🇷🇺 regime, calling themselves hacktivists, consistently DDoSed several companies linked to Polish 🇵🇱 critical infrastructure. Their attacks were successfully repelled and had absolutely no impact.
Usually, in this context, we hear about attacks that made systems and websites unavailable. It's time to change that.

#Poland
#StandWithUkraine 🇺🇦
#DDoS
#CyberAttack
#criticalinfrastructure
#noname
#DDOSIA

Unmasking the new XorDDoS controller and infrastructure

The XorDDoS trojan, a DDoS malware targeting Linux machines, continues to spread globally with over 70% of attacks targeting the United States from Nov 2023 to Feb 2025. The operators are believed to be Chinese-speaking individuals based on language settings. A new 'VIP version' of the XorDDoS controller and central controller have been discovered, enabling more sophisticated and widespread attacks. The malware uses SSH brute-force attacks to gain access and implements persistence mechanisms. A new central controller allows threat actors to manage multiple sub-controllers simultaneously, enhancing attack coordination. The infection chain, decryption methods, and network communication patterns between the trojan, sub-controller, and central controller are analyzed in detail.

Pulse ID: 6800fccf8db6537ac15e75fb
Pulse Link: otx.alienvault.com/pulse/6800f
Pulse Author: AlienVault
Created: 2025-04-17 13:06:23

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


JScript to PowerShell: Breaking Down a Loader Delivering XWorm and Rhadamanthys

This analysis examines a sophisticated malware loader that utilizes JScript to launch obfuscated PowerShell code, ultimately delivering payloads such as XWorm and Rhadamanthys. The loader employs geofencing tactics, targeting victims in the United States with XWorm RAT, while deploying Rhadamanthys stealer to users outside the U.S. The attack chain involves multiple stages of obfuscation and deobfuscation, including decimal encoding and string manipulation. The final payload is injected into RegSvcs.exe using reflective loading techniques. The loader also performs various cleanup actions to evade detection and remove traces of its activity. Both XWorm and Rhadamanthys are advanced malware variants with capabilities ranging from DDoS attacks to cryptocurrency theft.

Pulse ID: 67ff46c3697a4976dc919b5d
Pulse Link: otx.alienvault.com/pulse/67ff4
Pulse Author: AlienVault
Created: 2025-04-16 05:57:23

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


I have just taken the time to thoroughly read the following article

This article has led me to the conclusion that an Open{source} War will have to be waged against LLM large language model abusers of data collection.

The work of these bots is pure DDoS denial of service. An interesting set of offensive tools have been programmed and are already implemented. They have proven to be quite effective and are being refined into sophistication to literally work to knock these networks of bots offline, in a DOT MMORPG approach.

It is unthinkable that LLM bots steal our Open Source resources servers bandwidth and financial cashflow without serious repercussions!

WTF are LLM companies thinking? Even Meta has waged war against us!

LLM has waged a brutal war.

The Open Source Community is responding; even those at The Dark Side of the internet are making tools to assist everyone against Artificial Intelligence LLM DDoS attacks, which knock whole Open Source Networks offline, as we speak.

It doesn't matter if in the end it looks like a Terminator landscape globally on the IT scale. Open source will win. LLM will disappear...

#DDoS #LLM #bots

Via #LLRX @psuPete Recommends Weekly highlights on cyber security issues, 4/12/25 5 highlights - #Biometrics vs. #passcodes: What lawyers recommend if you’re worried about #warrantless phone searches; #DDoS Attacks Now Key Weapons in Geopolitical Conflicts, NETSCOUT Warns; #Google Maps doubles down on preventing fake reviews; Large number of US adults view #AI as a threat: Report; Explosive Growth of Non-Human Identities Creating Massive #Security Blind Spots llrx.com/2025/04/pete-recommen #privacy

Just wanted to share some thoughts on #RFC9715 - an #RFC that defines standards on reducing the #DNS issue of IP fragmentation over #UDP. It's not a long read, but a good one for everyone who understands the issues of large UDP responses on the #Internet. A great leap forward to (hopefully) reduce the reflection/amplification #DDoS potential of DNS.

Just today I learned that #Google will configure their public DNS resolvers to limit to ~1400 bytes (smaller adjustments expected while figuring out the sweet spot in production). From now on, DNS responses which exceed this limit will have the truncated flag set instructing the client to resolve back to #TCP.

#LLRX #CyberSecurity @bespacific

Pete Recommends – Weekly highlights on cyber security issues, April 12, 2025

Five highlights from this week: #Biometrics vs. passcodes: What lawyers recommend if you're worried about warrantless phone searches; #DDoS Attacks Now Key Weapons in Geopolitical Conflicts, #NETSCOUT Warns; Google Maps doubles down on preventing fake reviews; Large number of US adults view AI as a threat: Report; and Explosive Growth of Non-Human Identities (#NHI) Creating Massive Security Blind Spots.

Posted in: #AI Cybercrime, Cybersecurity, #Privacy

llrx.com/2025/04/pete-recommen

Had to adjust my .htaccess file today, because an SEO company had their bot trying to scrape my site. It didn't get further than the index page, but it was comparable to a small DDoS, as in 5700 hits per minute.
Now let's hope the adjustment helps.
If it doesn't then their domain will be added to the firewall. And if they continue, I'll ask my lawyer to send a cease & desist. But for now: let's hope those motherfuckers stay away.

#ai #bots #seo

I'm having trouble figuring out what kind of botnet has been hammering our web servers over the past week. Requests come in from tens of thousands of addresses, just once or twice each (and not getting blocked by fail2ban), with different browser strings (Chrome versions ranging from 24.0.1292.0 - 108.0.5163.147) and ridiculous cobbled-together paths like /about-us/1-2-3-to-the-zoo/the-tiny-seed/10-little-rubber-ducks/1-2-3-to-the-zoo/the-tiny-seed/the-nonsense-show/slowly-slowly-slowly-said-the-sloth/the-boastful-fisherman/the-boastful-fisherman/brown-bear-brown-bear-what-do-you-see/the-boastful-fisherman/brown-bear-brown-bear-what-do-you-see/brown-bear-brown-bear-what-do-you-see/pancakes-pancakes/pancakes-pancakes/the-tiny-seed/pancakes-pancakes/pancakes-pancakes/slowly-slowly-slowly-said-the-sloth/the-tiny-seed

(I just put together a bunch of Eric Carle titles as an example. The actual paths are pasted together from valid paths on our server but in invalid order, with as many as 32 subdirectories.)

Has anyone else been seeing this and do you have an idea what's behind it?
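
Added example, not part of the post above: because each address sends only one or two requests, per-IP counters such as fail2ban never trip, so this sketch classifies requests by path shape instead, flagging paths whose segments are all real slugs but whose combination is not a real page. The site map, log lines and documentation-range IP addresses are constructed assumptions.

```python
import re
from collections import Counter

# Hypothetical site map; in practice load it from the CMS or sitemap.xml.
VALID_PATHS = {
    "/about-us",
    "/about-us/the-tiny-seed",
    "/about-us/pancakes-pancakes",
    "/books/1-2-3-to-the-zoo",
    "/books/the-boastful-fisherman",
}
KNOWN_SEGMENTS = {s for p in VALID_PATHS for s in p.strip("/").split("/")}

# Client address and request path from a combined-format access log line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*"')

# Constructed sample log lines.
SAMPLE_LOG = """\
203.0.113.10 - - [14/Apr/2025:10:00:01 +0000] "GET /about-us/the-tiny-seed HTTP/1.1" 200 5120 "-" "Mozilla/5.0 Chrome/108.0.5163.147"
198.51.100.7 - - [14/Apr/2025:10:00:02 +0000] "GET /about-us/1-2-3-to-the-zoo/the-tiny-seed/pancakes-pancakes/the-tiny-seed HTTP/1.1" 404 312 "-" "Mozilla/5.0 Chrome/24.0.1292.0"
192.0.2.44 - - [14/Apr/2025:10:00:02 +0000] "GET /books/the-boastful-fisherman/about-us/pancakes-pancakes/the-boastful-fisherman HTTP/1.1" 404 312 "-" "Mozilla/5.0 Chrome/61.0.3163.100"
192.0.2.45 - - [14/Apr/2025:10:00:03 +0000] "GET /wp-login.php HTTP/1.1" 404 312 "-" "curl/8.5.0"
203.0.113.11 - - [14/Apr/2025:10:00:04 +0000] "GET /books/1-2-3-to-the-zoo?ref=home HTTP/1.1" 200 4096 "-" "Mozilla/5.0 Chrome/108.0.5163.147"
"""

def is_stitched(path):
    """True when every segment is a real slug but the whole path is not a real page."""
    clean = path.split("?", 1)[0].rstrip("/")
    segments = [s for s in clean.split("/") if s]
    if clean in VALID_PATHS or len(segments) < 2:
        return False
    return all(s in KNOWN_SEGMENTS for s in segments)

def scan(log_text):
    """Return the flagged (ip, path) pairs and the number of flagged hits per IP."""
    flagged = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m and is_stitched(m.group(2)):
            flagged.append((m.group(1), m.group(2)))
    return flagged, Counter(ip for ip, _ in flagged)

if __name__ == "__main__":
    hits, per_ip = scan(SAMPLE_LOG)
    for ip, path in hits:
        print(ip, path)
    print("max flagged hits from one IP:", max(per_ip.values()))
```

Ordinary scanner noise such as `/wp-login.php` is left to other rules; only recombinations of the site's own slugs are flagged, which keeps the signal specific to this traffic pattern.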

So apart from the attempt to open a lot of Facebook accounts using my domain, my site has also been under sporadic DDoS attacks. I hope you don't have too much trouble connecting at times.

And no, I have no idea who I ticked off now. 😂