Frequently Asked Questions

What is Malware Hunter?

Malware Hunter is a specialized Shodan crawler that explores the Internet looking for command & control (C2) servers for botnets. It does this by pretending to be an infected client that’s reporting back to a C2. Since we don’t know where the C2s are located, the crawler effectively reports back to every IP on the Internet as if the target IP is a C2. If the crawler gets a positive response from the IP, then we know that it’s a C2.

Why did my security software raise an alert?

Malware Hunter doesn’t perform any attacks and the requests it sends don’t contain any malicious content. Your security product raised an alert because it is using a signature that should only be used for traffic leaving the network (egress) but is incorrectly being applied to incoming traffic (ingress). In other words, the signature was meant to detect when a computer on your network is infected and reporting back to a C2. However, it is also being applied to all traffic going into your network, which is why it’s raising a false alert.
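The direction problem described above, as an added example that is not code from Shodan or from any security product: the same content match is evaluated once with no direction scope and once restricted to egress. The network range, the marker bytes and the sample flows are all constructed for illustration.

```python
import ipaddress

# Assumption: the protected network (RFC 5737 documentation ranges are used throughout).
HOME_NET = ipaddress.ip_network("192.0.2.0/24")

# Constructed byte pattern standing in for a C2 check-in signature (not a real malware marker).
CHECKIN_MARKER = b"EXAMPLE-CHECKIN"

def in_home(ip):
    return ipaddress.ip_address(ip) in HOME_NET

def direction(flow):
    """Classify a flow by where its initiator and responder sit relative to HOME_NET."""
    src_home, dst_home = in_home(flow["src"]), in_home(flow["dst"])
    if src_home and not dst_home:
        return "egress"
    if dst_home and not src_home:
        return "ingress"
    return "internal" if src_home else "external"

def unscoped_rule(flow):
    """Weak form: content match only, applied to traffic in any direction."""
    return CHECKIN_MARKER in flow["payload"]

def egress_rule(flow):
    """Corrected form: same content match, but only for flows leaving HOME_NET."""
    return direction(flow) == "egress" and CHECKIN_MARKER in flow["payload"]

# Constructed sample flows.
FLOWS = [
    # Internet crawler sending a check-in-style request to a host inside the network
    {"name": "crawler_probe", "src": "198.51.100.7", "dst": "192.0.2.10",
     "payload": b"\x00EXAMPLE-CHECKIN\x01"},
    # Internal host reporting out to an external server: the case the signature was written for
    {"name": "infected_host", "src": "192.0.2.55", "dst": "203.0.113.9",
     "payload": b"\x00EXAMPLE-CHECKIN\x02"},
    # Ordinary outbound traffic
    {"name": "normal_web", "src": "192.0.2.20", "dst": "203.0.113.80",
     "payload": b"GET / HTTP/1.1\r\n"},
]

def evaluate(rule, flows=FLOWS):
    """Return the names of the flows a rule alerts on."""
    return [f["name"] for f in flows if rule(f)]

if __name__ == "__main__":
    print("unscoped   :", evaluate(unscoped_rule))
    print("egress-only:", evaluate(egress_rule))
```

The unscoped rule alerts on the inbound probe as well as the real outbound check-in; the egress-scoped rule alerts only on the internal host reporting out.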

Source and full details:

Malware Hunter: C2s Server Botnets Crawler by Shodan