While the XOR DDoS Trojan has been active for over a year, we’ve seen a surge of coverage and blog posts recently, and we’ve also seen the Groundhog variant emerge. This has prompted a few of our customers to ask how their Threat Stack deployment detects this type of attack and activity, and what new rules need to be added to detect it.
The internet is yet again feeling the aftereffects of another “net shattering” vulnerability: a bug in the shell ‘/bin/bash’ that widely affects Linux distributions and is trivial to exploit. The vulnerability exposes a weakness in how bash handles environment variables: code placed in an environment variable gets executed by the shell, and in certain cases this allows unauthenticated remote code execution.
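As an added example (not from the original post, and not Threat Stack’s own rule syntax), the script below flags the bash function-definition marker, “() {”, that such a payload has to carry at the start of an environment variable value, looking in two places a defender would check: constructed web server log fields (headers that a CGI server copies into the environment) and a process environment captured from a host.

```python
"""Flag Shellshock-style payloads in web server logs and process environments.

Added example with constructed sample data; not Threat Stack rule code.
"""
import re
from typing import Dict, List

# A bash function definition exported through the environment starts with
# "() {"; that prefix is the marker worth alerting on. The whitespace
# tolerance catches minor spacing variants.
SHELLSHOCK_MARKER = re.compile(r"^\s*\(\)\s*\{")

# Apache combined log format: ip ident user [time] "request" status bytes
# "referer" "user-agent".
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<user_agent>[^"]*)"\s*$'
)

# Constructed sample lines (not from a real server); the probe strings are
# harmless self-test style values, one in the User-Agent and one in the Referer.
SAMPLE_LOG = """\
10.0.0.5 - - [25/Sep/2014:10:01:02 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; echo probe"
10.0.0.6 - - [25/Sep/2014:10:01:05 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.7 - - [25/Sep/2014:10:02:11 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "() { ignored; }; echo x" "curl/7.30"
"""


def flag_log_lines(log_text: str) -> List[Dict[str, str]]:
    """Return one record per header field that carries the marker."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        for field in ("referer", "user_agent"):
            value = m.group(field)
            if SHELLSHOCK_MARKER.match(value):
                hits.append({"source": m.group("ip"), "field": field,
                             "request": m.group("request"), "payload": value})
    return hits


def flag_environment(env: Dict[str, str]) -> List[str]:
    """Return the names of environment variables whose value starts with the marker."""
    return [name for name, value in env.items() if SHELLSHOCK_MARKER.match(value)]


if __name__ == "__main__":
    for hit in flag_log_lines(SAMPLE_LOG):
        print(f"{hit['source']} {hit['field']}: {hit['payload']!r}")
```

The environment check is the host-side counterpart: the same marker in a captured process environment (for example the `HTTP_*` variables of a CGI child) points at the same payload reaching bash.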
Possible vectors for attack include: