Malware Hunter – A New Shodan and Recorded Future Tool to Detect Malware on C&C Servers

Redport Information Assurance
Shodan is a web-based platform used to identify open access points and ports on the internet. Recorded Future is a cybersecurity threat intelligence and security research firm. According to Hacker News, Shodan and Recorded Future have teamed up to do some automated malware hunting: they have built a web crawler that searches the web for botnet command-and-control servers. Command-and-control (C&C) servers are centralized machines that control bots (computers, smart appliances or smartphones), which are typically infected with Remote Access Trojans (RATs) or data-stealing malware, by sending and receiving command data.

The Shodan and Recorded Future crawler is noted to be very specialized: it has been programmed to scan the internet for systems that are configured to operate as a botnet command-and-control server. It performs this function by imitating an infected computer reporting back to the command-and-control server. Based on its malware hunting configuration, the crawler's botnet detection tool is able to communicate back and forth with every IP address it scans. If the tool receives a positive response based on its configuration, it knows that the IP address belongs to a malicious command-and-control server and reports the result.

The ultimate goal of Shodan and Recorded Future's Malware Hunter was to make it easier for security researchers to identify newly hosted C&C servers, even before having access to various malware samples. Shodan and Recorded Future also believe that the new tool will assist in cyber-threat intelligence gathering, help anti-virus vendors identify undetectable malware, and prevent malware from sending stolen data back to an attacker's command-and-control servers.
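The probe-and-classify step described above can be sketched as follows. This is an added example, not part of the original article and not Malware Hunter's code: the `EXAMPLE-RAT` handshake, the function names and the loopback listeners are all constructed for illustration, and everything runs against 127.0.0.1 only.

```python
import socket
import threading

# Constructed placeholder handshake for illustration; not a real malware protocol.
PROBE = b"EXAMPLE-RAT HELLO\n"
EXPECTED_PREFIX = b"EXAMPLE-RAT ACK"

def probe_host(host, port, timeout=1.0):
    """Send the probe an infected client would send; True only on a matching reply."""
    reply = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(PROBE)
            while len(reply) < len(EXPECTED_PREFIX):
                chunk = s.recv(64)
                if not chunk:          # peer closed before a full reply arrived
                    break
                reply += chunk
    except OSError:                    # refused, reset or timed out: no positive response
        return False
    return reply.startswith(EXPECTED_PREFIX)

def start_listener(reply_for):
    """Constructed loopback listener; reply_for(request_bytes) gives the bytes to send."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))         # port 0: the OS picks a free port
    srv.listen(5)
    def serve():
        while True:
            try:
                conn, _ = srv.accept()
                with conn:
                    conn.sendall(reply_for(conn.recv(64)))
            except OSError:
                return
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    """Probe three constructed loopback targets and return the verdict for each."""
    c2_port = start_listener(
        lambda req: b"EXAMPLE-RAT ACK 1\n" if req.startswith(PROBE) else b"")
    web_port = start_listener(lambda req: b"HTTP/1.1 400 Bad Request\r\n\r\n")
    closed = socket.socket()
    closed.bind(("127.0.0.1", 0))
    closed_port = closed.getsockname()[1]
    closed.close()                     # nothing listens on this port any more
    targets = {"c2_emulator": c2_port, "web_server": web_port, "closed": closed_port}
    return {name: probe_host("127.0.0.1", port) for name, port in targets.items()}

if __name__ == "__main__":
    print(demo())
```

Only the listener that answers the handshake in the expected way is flagged; an ordinary service on an open port and a closed port both count as no positive response.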

By Randall Sylvertooth, D.Sc.

Reference: http://thehackernews.com/2017/05/shodan-malware-hunter.html




Gaithersburg, MD, USA