ChachaDDoS is a relatively new strain of malware used to wage denial-of-service attacks on other sites. The malware offers a variety of advanced features, including ways to prevent administrators from easily finding it on servers and analysing it. It runs on 32- and 64-bit ARM, x86, x86_64, MIPS, MIPSEL, and PowerPC. Researchers from Sophos described it as part of a newly discovered DDoS botnet they call Chalubo.

  • Look for unexpected outbound traffic, like on 8852/tcp.
  • Change any default passwords (the brute force attempts to cycle through common, publicly known default passwords).
  • Better yet, use SSH keys instead of passwords for logins.