Shodan’s new tool to find Malware C&C Servers

4 May - by Dawood Khan - In News

Rapidly growing numbers of insecure Internet-connected devices are becoming an albatross around the necks of individuals and organizations, as malware authors routinely hack them into botnets that are then used as weapons in DDoS and other cyber attacks.


But finding the attacker-hosted malicious servers that control botnets of infected machines has just become a bit easier, thanks to Shodan and Recorded Future.

Shodan and Recorded Future have teamed up and launched Malware Hunter, a crawler that regularly scans the Internet to identify the command and control (C&C) servers of various malware families and botnets. C&C servers are centralized machines that control bots (computers, smart appliances or smartphones) typically infected with Remote Access Trojans or data-stealing malware, by sending them commands and receiving data from them.

Malware Hunter results have been integrated into Shodan – a search engine designed to gather and list information about all types of Internet-connected devices and systems.

How Does Malware Hunter Identify a C&C Server?

You might be wondering how Malware Hunter will get to know which IP address is being used to host a malicious C&C server.

For this, Shodan has deployed specialised crawlers that scan the whole Internet for computers and devices configured to function as botnet C&C servers, by pretending to be an infected computer reporting back to its command and control server. The crawler effectively reports back to every IP address on the Internet as if that IP were a C&C server; if it gets a positive response, it knows the IP is hosting a malicious C&C server.


"RATs return specific responses (strings) when a proper request is presented on the RAT controller's listener port," according to a 15-page report [PDF] published by Recorded Future.

"In some cases, even a basic TCP three-way handshake is sufficient to elicit a RAT controller response. The unique response is a fingerprint indicating that a RAT controller (control panel) is running on the computer in question."
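The probing loop the article describes, written here as an added illustration rather than code from Shodan, Recorded Future or the author: the crawler poses as an infected client, sends the request such a client would send (or nothing at all, for the case where the handshake alone is enough), and matches the reply against known controller response strings. The fingerprint table, the `hypothetical-rat-*` names and the loopback `fake_listener` are constructed stand-ins, not real RAT protocol data.

```python
import socket
import threading

# Constructed, hypothetical fingerprints: (name, request an infected client
# would send or None, reply prefix that identifies the controller). None
# models the report's "handshake alone is sufficient" case (controller speaks first).
FINGERPRINTS = [
    ("hypothetical-rat-a", b"HELLO\n", b"RAT-A-OK"),
    ("hypothetical-rat-b", None, b"RAT-B-PANEL"),
]

def probe(host, port, timeout=2.0):
    """Pose as an infected client per fingerprint; return the matching name or None."""
    for name, request, expected in FINGERPRINTS:
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                if request is not None:
                    s.sendall(request)
                reply = s.recv(64)
        except OSError:  # refused, reset or timed out: not this fingerprint
            continue
        if reply.startswith(expected):
            return name
    return None

def fake_listener(banner=None, reply=None):
    """Constructed loopback stand-in: sends `banner` on connect, or answers
    HELLO with `reply`. Returns its port so probe() can be run offline."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.settimeout(1.0)
                try:
                    if banner is not None:
                        conn.sendall(banner)
                        conn.recv(64)  # drain the client's request before closing
                    elif conn.recv(64) == b"HELLO\n" and reply is not None:
                        conn.sendall(reply)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]
```

Running `probe("127.0.0.1", fake_listener(reply=b"RAT-A-OK 1.0"))` returns `"hypothetical-rat-a"`, while a listener that only greets with an unrelated banner yields `None`.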

Malware Hunter Already Identified Over 5,700 Malicious C&C Servers

We gave it a try and found impressive results, briefly summarised below:
Malware Hunter has already identified over 5,700 command-and-control servers around the world.
The top 3 countries hosting command and control servers are the United States (72%), Hong Kong (12%) and China (5.2%).
The Remote Access Trojans (RATs) most widely in use are Gh0st RAT (93.5%) and DarkComet (3.7%), along with a few servers belonging to njRAT, ZeroAccess and XtremeRAT.
Shodan is also able to identify C&C servers for Black Shades, Poison Ivy, and Net Bus.

To see the results, all you have to do is search for "category:malware" (without the quotes) on the Shodan website.

Malware Hunter aims at making it easier for security researchers to identify newly hosted C&C servers, even before having access to respective malware samples.

This intelligence gathering would also help anti-virus vendors identify otherwise undetected malware and prevent it from sending your stolen data back to the attackers' command-and-control servers.
