As IoT threats and malware infections lead to massive botnets used in DDoS attacks shaking up the tech world, Shodan now offers to hunt down bad guys. In collaboration with threat intelligence provider Recorded Future, Shodan has integrated an online crawler that detects up to 10 different live remote access Trojans (RATs), including Black Shades, Dark Comet, njRAT, XtremeRAT, Poison Ivy, and Net Bus, by scanning for the command and control servers affiliated with them.
“This methodology is the first to use Shodan to locate RAT controllers before the malware samples are found,” said Levi Gundert, vice president of intelligence and strategy at Recorded Future. “By doing it this way — signature scans for RAT controller IP addresses, observing malware through our API, and cross-correlating it with a variety of sources — we are able to locate RAT controllers before the associated malware begins spreading or compromising targeted victims.”
RATs, for sale on the dark web, are used by both independent criminals and government-backed attackers to gain control of compromised systems, record conversations and videos, use keylogging features and secretly collect confidential data.
“While the number of results varies, Shodan typically identifies between 400 and 600 individual RAT controllers on any given day,” reads the report from Recorded Future. The tool has so far identified more than 5,700 servers, mostly US-based.
“The capabilities that Malware Hunter brings to security researchers and threat analysts will greatly help the community’s ability to track RAT family proliferation and other attacks and prevent them from taking the internet hostage,” said John Matherly, Shodan’s founder. “We’re excited to be partnering with Recorded Future on this important project.”
After having addressed topics such as NFC, startups, and tech innovation, she has now shifted focus to internet security, with a keen interest in smart homes and IoT threats.