Malware that has hijacked Linux systems for the past year has been recorded flooding targeted websites at speeds of over 150Gbps.

The Linux botnet, known as XOR DDoS or XOR.DDoS, is orchestrating attacks on around 20 targets a day, according go Akamai, which in late August blocked two attacks against customers that measured 50 Gbps and 100 Gbps, respectively.

XOR.DDoS was discovered almost exactly one year ago by researchers at the MalwareMustDie! group, which found it attempts to brute force SSH login credentials for the root user of a Linux system. In other words, it doesn't take advantage of a specific vulnerability. As per security vendor, Avast, if the credentials are guessed correctly, the attackers install Xor.DDoS via a shell script and, to prevent removal, will also attempt to install a rootkit.