Shodan can now find malware command and control servers (ZDNet)

Finding the servers that control botnets is about to get a little bit easier.

Shodan, the search engine for open ports and databases, debuted a new search engine on Tuesday that can, over time, find the servers that control some of the most intrusive kinds of malware.

With the help of security firm Recorded Future, the crawler digs around the internet for command and control (C2) servers of remote access trojans (RATs).

These trojans infect computers with malware that allows the malware controller to record from the device’s microphone and webcam, and to record keystrokes.

Finding the command and control servers in an effort to shut them down is traditionally fairly difficult, but Shodan aims to make that easier.

In an explainer, Shodan said that the crawler pretends to be an infected client that’s reporting back to a command and control server. Because the crawler doesn’t know which server is a working malware controller, it pings every IP address on the internet to ask. If it gets a working response, it knows that the IP address is a command and control server.

So far, the search engine has found more than 3,000 command and control servers operating 10 separate kinds of trojans, including Dark Comet and Poison Ivy.

Shodan users need to log in (with a free account) to see the results.

Source: SANS ISC SecNewsFeed @ May 2, 2017 at 11:39AM
