Shodan's new tool, Malware Hunter, will do just that

May 3, 2017 19:29 GMT

Shodan has been updated with a new feature that can find malware command and control servers. 

The search engine for open portals and databases has been of great help since it was introduced. Now it also makes it much easier for anyone to find the servers that control botnets, which is expected to result in law enforcement cracking down on them.

The new search engine was introduced earlier this week and it can be used to find the servers that control the malware that plagues our computers.

Security firm Recorded Future helped create this new tool, which digs around the Internet for the command and control servers of remote access trojans (RATs). These trojans often allow attackers to record from the device's microphone and webcam, and even to capture keystrokes. Finding the command and control centers can be difficult since they can be anywhere in the world, and law enforcement has been having a hard time with this. Now, with Shodan, things just got a lot easier.

To do this, Shodan's crawler pretends to be an infected client reporting back to the C2 server. To figure out which servers are controlling malware, the crawler pings every IP address on the Internet in this way. If it gets a working response, it knows it has found a C2 server.

Already successful

Thus far, Shodan has found over 3,000 command and control servers operating 10 different kinds of trojans.

People who want to play around with Shodan's Malware Hunter can do so, but they might encounter some security software alerts along the way.

"Malware Hunter doesn't perform any attacks and the requests it sends don't contain any malicious content. The reason your security product raised an alert is because it is using a signature that should only be used for traffic leaving the network (egress) but is incorrectly being applied to incoming traffic (ingress)," they explain.
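The direction mismatch described in the quote can be checked during alert triage. The following is an added example, not code from Shodan, Recorded Future or the article; the HOME_NET ranges, the alert field names and the sample alerts are assumptions constructed for illustration.

```python
import ipaddress

# Assumed internal ranges (what an IDS would call HOME_NET); adjust per site.
HOME_NET = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in HOME_NET)

def flow_direction(src_ip, dst_ip):
    """Direction of the packet that triggered the alert, relative to HOME_NET."""
    src_in, dst_in = is_internal(src_ip), is_internal(dst_ip)
    if src_in and not dst_in:
        return "egress"
    if dst_in and not src_in:
        return "ingress"
    return "internal" if src_in else "external"

def triage(alert):
    """Compare the direction a signature was written for with the observed one."""
    observed = flow_direction(alert["src"], alert["dst"])
    intended = alert["sig_direction"]
    if observed == intended:
        return "investigate"         # e.g. an internal host sending a check-in outward
    if intended == "egress" and observed == "ingress":
        return "misapplied-ingress"  # an outside party sent the check-in to us
    return "review-rule"             # any other mismatch points at the rule scope

# Constructed sample alerts (hypothetical signature name, documentation/private IPs).
SAMPLE_ALERTS = [
    {"sig": "RAT check-in (hypothetical)", "sig_direction": "egress",
     "src": "10.1.2.3", "dst": "203.0.113.50"},
    {"sig": "RAT check-in (hypothetical)", "sig_direction": "egress",
     "src": "198.51.100.7", "dst": "192.168.1.20"},
    {"sig": "RAT check-in (hypothetical)", "sig_direction": "egress",
     "src": "10.1.2.3", "dst": "192.168.1.20"},
]

def summarize(alerts):
    return [(a["src"], a["dst"], triage(a)) for a in alerts]

if __name__ == "__main__":
    for row in summarize(SAMPLE_ALERTS):
        print(row)
```

An alert classified as `misapplied-ingress` matches the situation the quote describes: a signature meant for traffic leaving the network fired on an inbound request.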

A free Shodan account is needed to view the results.