Finding the servers that control botnets is about to get a little bit easier.
Shodan, the search engine for open ports and databases, debuted a new search engine on Tuesday that can over time find the servers that control some of the most intrusive kinds of malware.
With the help of security firm Recorded Future, the crawler digs around the internet for command and control (C2) servers of remote access trojans (RATs).
These trojans infect computers with malware that allows the malware controller to record from the device’s microphone, webcam, and record keystrokes.
Finding the command and control servers in an effort to shut them down is traditionally fairly difficult, but Shodan aims to make that easier.
In an explainer, Shodan said that the crawler pretends to be an infected client that’s reporting back to a command and control server. Because the crawler doesn’t know which server is a working malware controller, it pings every IP address on the internet to ask. If it gets a working response, it knows that the IP address is a command and control server.
Shodan users need to log in (with a free account) to see the results.
Source: SANS ISC SecNewsFeed @ May 2, 2017 at 11:39AM