It looks like security researchers have reached an important milestone in the ongoing war against malware. A new search engine has been revealed which can be used to sniff out malware command-and-control servers around the world. Under the Malware Hunter banner – not to be confused with the Malware Hunter software – this search engine looks to bring malware distribution to a halt in the near future.
Malware Hunter Is A Powerful Tool
It is not hard to see why security researchers around the globe are quite excited about the Malware Hunter search engine. Having a viable solution to discover command-and-control servers will provide to be useful when it comes to thwarting malware and ransomware attacks in the future. The tool is created by Shodan and Recorded Future, who are trying to become an industry leader in the fight against global cybercrime.
The way malware Hunter works is as follows: it uses search bots crawling the Internet for computers configured to act as a command-and-control server. It remains unclear if this will yield a lot of positive results, though, as C&C servers may very well reside on the darknet for all we know. Moreover, not every server will easily give up its location either, which could prove to be quite problematic.
The Malware Hunter search engine comes with a feature that will trick these servers into giving up their location, though. To be more specific, the search engine will pretend to be an infected computer reporting back to the server in question. Assuming the server will acknowledge the request and respond, the search engine will log its IP and update the Shodan interface in real time. This provides researchers with invaluable information when it comes to locating these servers and shutting them down as quickly as possible.
What makes the search engine so powerful is how it is capable of probing virtually every IP address on the Internet today. This means the algorithm is constantly looking for new computers that may act as a malware command-and-control server. Quite an intriguing development, as it should reduce the amount of time during which malware remains a problem.
In most cases, once the C&C server is shut down, the malware will no longer cause harm. Then again, some newer types of malware have shown a way tor remains a big threat even when they fail to communicate with the central server. It remains unclear if Malware Hunter will be capable of doing anything about these attacks as well. For now, this search engine is a big step in the right direction, though.
It is important to note Malware Hunter is capable of identifying several dozen C&C servers used for Remote Access Trojans. Given the recent surge in Remote Access Trojan distribution, this is quite a positive development, to say the least. The team is hopeful Malware Hunter will detect other major threats in the future, including botnets, cryptominers, and backdoor trojans.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.
