Shodan’s new tool to find Malware C&C Servers

4 May, by Dawood Khan, in News

Rapidly growing numbers of insecure internet-connected devices are becoming an albatross around the necks of individuals and organizations, with malware authors routinely hijacking them to form botnets that can then be used as weapons in DDoS and other cyber attacks.


But finding the malicious servers, hosted by attackers, that control botnets of infected machines has now become a bit easier, thanks to Shodan and Recorded Future.

Shodan and Recorded Future have teamed up and launched Malware Hunter, a crawler that scans the Internet regularly to identify botnet command and control (C&C) servers for various malware families and botnets.

Command-and-control servers (C&C servers) are centralized machines that control the bots (computers, smart appliances or smartphones), typically infected with Remote Access Trojans or data-stealing malware, by sending commands and receiving data.

Malware Hunter results have been integrated into Shodan, a search engine designed to gather and list information about all types of Internet-connected devices and systems.

How Does Malware Hunter Identify a C&C Server?

You might be wondering how Malware Hunter will get to know which IP address is being used to host a malicious C&C server.

For this, Shodan has deployed specialised crawlers that scan the whole Internet looking for computers and devices configured to function as a botnet C&C server. The crawler does this by pretending to be an infected computer reporting back to its command and control server: it checks in with every IP address on the Web as if that IP were a C&C, and if it gets the expected positive response, it knows the IP is hosting a malicious C&C server.


"RATs return specific responses (strings) when a proper request is presented on the RAT controller's listener port," according to a 15-page report [PDF] published by Recorded Future.

"In some cases, even a basic TCP three-way handshake is sufficient to elicit a RAT controller response. The unique response is a fingerprint indicating that a RAT controller (control panel) is running on the computer in question."
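The detection logic the report describes is a fingerprint check: the crawler either completes a TCP handshake and listens, or sends a small probe, and then looks for a response string that only a controller's listener would return. The following is an added example of that exchange with both sides present; it is not Shodan's or Recorded Future's code. The fingerprint table, the probe bytes and the controller stub that answers them are all constructed placeholders for illustration, not real RAT protocol responses.

```python
import socket
import threading
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed placeholder fingerprints (assumption: NOT real RAT protocol data).
# probe == b"" means "just complete the TCP handshake and wait for a banner";
# otherwise the fake infected host sends the probe and inspects the reply.
@dataclass(frozen=True)
class Fingerprint:
    family: str
    probe: bytes          # what the crawler sends; b"" = handshake only
    reply_marker: bytes   # substring that identifies a controller's listener


FINGERPRINTS = [
    Fingerprint("example-rat-a", b"", b"EXAMPLE-A-HELLO"),         # banner on connect
    Fingerprint("example-rat-b", b"PING\r\n", b"PONG-EXAMPLE-B"),  # reply to a probe
]


def classify_response(probe: bytes, response: bytes) -> Optional[str]:
    """Return the family whose marker appears in the reply to this probe, else None."""
    for fp in FINGERPRINTS:
        if fp.probe == probe and fp.reply_marker in response:
            return fp.family
    return None


def probe_host(host: str, port: int, timeout: float = 3.0) -> List[str]:
    """Crawler side: open one connection per distinct probe, send it (if any),
    read whatever comes back and classify it. Returns the families matched."""
    hits = []
    for probe in sorted({fp.probe for fp in FINGERPRINTS}):
        data = b""
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.settimeout(timeout)
                if probe:
                    s.sendall(probe)
                data = s.recv(4096)
        except OSError:
            # refused, reset or timed out: a listener that stays silent is not a hit
            pass
        family = classify_response(probe, data)
        if family:
            hits.append(family)
    return hits


def start_controller_stub(banner: bytes, responses: Dict[bytes, bytes],
                          host: str = "127.0.0.1"):
    """Constructed stand-in for a controller listener, used only to exercise the
    crawler offline. Sends `banner` if the client stays quiet, otherwise answers
    the request from `responses`. Returns (port, stop_function)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    srv.settimeout(0.2)
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.settimeout(0.3)
                try:
                    request = conn.recv(1024)
                except socket.timeout:
                    request = b""   # handshake-only client: volunteer the banner
                try:
                    conn.sendall(responses.get(request, banner))
                except OSError:
                    pass
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], stop.set


if __name__ == "__main__":
    port, stop = start_controller_stub(b"EXAMPLE-A-HELLO v1\n",
                                       {b"PING\r\n": b"PONG-EXAMPLE-B\n"})
    print(probe_host("127.0.0.1", port))   # the stub matches both constructed fingerprints
    stop()
```

The two cases in the quoted report map onto the two entries in the table: the first needs nothing beyond the handshake, the second needs a specific request before the listener reveals itself. A real crawler would carry one entry per RAT family and treat the response as a fingerprint of the control panel rather than proof of compromise on its own.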

Malware Hunter Already Identified Over 5,700 Malicious C&C Servers

We gave it a try and found impressive results, briefly summarised below:

Malware Hunter has already identified over 5,700 command-and-control servers around the world.

The top three countries hosting command and control servers are the United States (72%), Hong Kong (12%) and China (5.2%).

Five popular Remote Access Trojans (RATs) in wide use were found: Gh0st RAT (93.5%) and DarkComet (3.7%) dominate, with a few servers belonging to njRAT, ZeroAccess and XtremeRAT.

Shodan is also able to identify C&C servers for Black Shades, Poison Ivy and Net Bus.

To see the results, all you have to do is search for "category:malware" (without the quotes) on the Shodan website.

Malware Hunter aims at making it easier for security researchers to identify newly hosted C&C servers, even before having access to respective malware samples.

This intelligence gathering would also help anti-virus vendors identify as-yet-undetected malware and prevent it from sending your stolen data back to the attackers' command-and-control servers.
