Over the past six months, security researchers from Akamai’s SIRT team have observed a shift in the cyber-criminal underground toward using botnets created via the BillGates malware to launch massive 100+ Gbps DDoS attacks.
The BillGates malware is a relatively old malware family aimed at Linux machines running in server environments. Its primary purpose is to infect servers and link them together in a botnet controlled via a central C&C server, which instructs the bots to launch DDoS attacks at their targets.
The malware has been around for some years and, due to its (irony-filled) name, is probably one of the most well-known Linux-targeting malware families.
While not as powerful as the XOR botnet, which was capable of launching 150+ Gbps attacks, BillGates attacks can go over 100 Gbps when needed.
Submitted by: Arnfried Walbrecht