
Shodan Gets New Tool, Can Now Find Malware Command and Control Servers


CrAKeN


Shodan gets powerful new tool to hunt malware C2

 

Shodan has been updated with a new feature that can find malware command and control servers. 

 

The search engine for open portals and databases has been of great help since it was introduced. Now, however, it is making it so much easier for everyone to find the servers that control botnets, which is expected to result in law enforcement cracking down on them.

 

The new search engine was introduced earlier this week and it can be used to find the servers that control the malware that plagues our computers.

 

Security firm Recorded Future helped create this new tool that digs around the Internet for command and control servers of remote access trojans (RATs). These often infect computers with malware that allows the attackers to record from the device's microphone, webcam, and even keystrokes. Finding the command and control centers can be difficult since they can be anywhere in the world and law enforcement has been having a hard time with this. Now, with Shodan, things just got a lot easier.

 

In order to succeed, Shodan's crawler pretends to be an infected client reporting back to the C2 server. In order to figure out which server is controlling malware, the crawler pings every IP address on the Internet. If it gets a working response, it knows that's the server it needs.

 

Already successful


Thus far, Shodan has found over 3,000 command and control servers operating 10 different kinds of trojans.

 

People who want to play around with Shodan's Malware Hunter can do so, but they might encounter some security software alerts as they do so.

 

"Malware Hunter doesn't perform any attacks and the requests it sends don't contain any malicious content. The reason your security product raised an alert is because it is using a signature that should only be used for traffic leaving the network (egress) but is incorrectly being applied to incoming traffic (ingress)," they explain.

 

A free Shodan account is needed to view the results.

 

Source
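The egress/ingress distinction in the quoted explanation above, shown as an added example (not part of the original post and not Shodan's or any vendor's code): a triage step that checks the direction of an alert before treating a RAT check-in signature as evidence of an infected host. The network ranges, signature IDs and alert records are constructed for illustration.

```python
import ipaddress

# Assumption: address space of the monitored network (constructed).
HOME_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Assumption: hypothetical signature IDs that model a RAT client checking in
# to its controller, i.e. traffic an infected internal host sends outbound.
EGRESS_ONLY_SIDS = {9000001, 9000002}


def is_internal(addr):
    """True if the address belongs to one of the monitored networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in HOME_NETS)


def direction(src, dst):
    """Classify a flow relative to the monitored network."""
    s, d = is_internal(src), is_internal(dst)
    if s and not d:
        return "egress"
    if d and not s:
        return "ingress"
    return "internal" if s else "external"


def triage(alert):
    """Decide what an alert means once its direction is taken into account."""
    if alert["sid"] not in EGRESS_ONLY_SIDS:
        return "review"
    flow = direction(alert["src"], alert["dst"])
    if flow == "egress":
        # An internal host sent a check-in outward: possible infected client.
        return "investigate-host"
    if flow == "ingress":
        # An outside scanner sent check-in-shaped traffic inward: the
        # signature fired on the wrong direction, as the quote describes.
        return "misapplied-signature"
    return "review"


# Constructed sample alerts (documentation address ranges for external hosts).
SAMPLE_ALERTS = [
    {"sid": 9000001, "src": "10.1.2.3", "dst": "203.0.113.9"},
    {"sid": 9000001, "src": "198.51.100.7", "dst": "10.1.2.3"},
    {"sid": 9000500, "src": "198.51.100.7", "dst": "192.168.1.5"},
]

if __name__ == "__main__":
    for a in SAMPLE_ALERTS:
        print(a["sid"], a["src"], "->", a["dst"], triage(a))
```

Post-hoc triage like this only sorts the noise; the lasting fix is to scope the signature itself to outbound traffic so it never evaluates inbound probes.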
