Shodan search engine starts unmasking malware command-and-control servers

There's now a new tool that could allow companies to quickly block communications between malware programs and their frequently changing command-and-control servers. Threat intelligence company Recorded Future has partnered with Shodan, a search engine for internet-connected devices and services, to create a new online crawler called Malware Hunter. The new service continuously scans the internet to find control panels for over ten different remote access Trojan (RAT) programs, including Gh0st RAT, DarkComet, njRAT, ZeroAccess and XtremeRAT. These are commercial malware tools sold on underground forums and are used by cybercriminals to take complete control of compromised computers. To identify command-and-control (C&C) servers, the Malware Hunter crawler connects to public Internet Protocol addresses and sends traffic that replicates what these Trojan programs would send to their control panels.