The Linux-based botnet has been known for over a year, however, it was only recently found by Akamai’s Security Intelligence Response Team attacking systems by compromising embedded devices like routers and then gaining SSH access. As per security vendor, Avast, if the credentials are guessed correctly, the attackers install Xor.DDoS via a shell script and, to prevent removal, will also attempt to install a rootkit. That name is XOR DDoS. So far Xor DDOS has mainly attacked educational and gaming websites and 90% of them took place in Asia.
More here.