Hackers Use Botnets To Search For Victims

Hackers are using botnets to generate more than 80,000 search queries a day, allowing them to identify potential attack targets in a very short time and with minimal effort.

According to security firm Imperva’s latest Hacker Intelligence report, special search terms known as “Dorks” are used to home in on potential attack targets. Dorks are search queries designed to return results containing a particular piece of code, enabling hackers to build up a list of vulnerable webpages. They are commonly exchanged between hackers in forums, such as the Google Hacking Database.

Automating queries on search engines using a botnet enables the attacker to get a filtered list of potentially exploitable sites very quickly. As searches are conducted using botnets, and not the hacker’s IP address, the attacker’s identity remains concealed.

“Hackers have become experts at using Google to create a map of hackable targets on the web,” said Imperva’s chief technology officer Amichai Shulman. “This cyber reconnaissance allows hackers to be more productive when it comes to targeting attacks which may lead to contaminated websites, data theft, data modification, or even a compromise of company servers.”

Using botnets to avoid detection

The problem with today’s search engines is that they deploy detection mechanisms which are based on the IP address of the originating request. This means that detection can easily be avoided using a botnet, which distributes the queries across different compromised machines.

Having created a list of potentially vulnerable resources, the attacker can launch a targeted attack designed to exploit vulnerabilities in pages retrieved by the search campaign. Such attacks might include infecting web applications, compromising corporate data or stealing sensitive personal information.

Imperva recommends that search engine providers should keep an eye out for unusual or suspicious queries – such as those that are known to be part of public Dorks databases, or queries that look for known sensitive files.

However, organisations also need to be aware of the risks. Due to the thorough indexing of most corporate information – including web applications – the exposure of vulnerable applications is bound to occur, warns Imperva. Businesses can protect against exploits by deploying runtime application layer security controls, such as a web application firewall or reputation-based controls.
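The recommendation to search engine providers above can be illustrated with a short detection sketch. This is an added example, not code from Imperva's report: it keys on query content instead of source IP, so the same Dork arriving from many hosts is grouped into one campaign even though every host stays under a per-IP limit. The log format, the `q` and `start` parameter names, the thresholds and the two patterns are assumptions made for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed stand-ins for entries from a public Dorks database (not real signatures).
DORK_PATTERNS = [re.compile(p, re.I) for p in (
    r"\binurl:\S+\.php\?\w+=",       # operator aimed at a parameterised script
    r"\bfiletype:(sql|bak|env)\b",   # operator aimed at sensitive file types
)]
PER_IP_LIMIT = 100   # assumed per-IP request threshold that each bot stays below
MIN_SOURCES = 3      # assumed: the same Dork from this many IPs counts as a campaign

def parse_line(line):
    """Parse the constructed log format '<src_ip> <request_path_with_query>'."""
    ip, url = line.split(maxsplit=1)
    params = parse_qs(urlsplit(url).query)
    # Keep only the search terms. Paging parameters such as 'start' are dropped,
    # so pages 1..N of one query collapse onto the same key.
    query = " ".join(params.get("q", [""])[0].lower().split())
    return ip, query

def find_campaigns(lines):
    """Return (Dork query -> source IPs, IPs that a per-IP limit alone would flag)."""
    sources = defaultdict(set)
    per_ip = defaultdict(int)
    for line in lines:
        ip, query = parse_line(line)
        per_ip[ip] += 1
        if any(p.search(query) for p in DORK_PATTERNS):
            sources[query].add(ip)
    campaigns = {q: sorted(ips) for q, ips in sources.items()
                 if len(ips) >= MIN_SOURCES}
    rate_limited = [ip for ip, n in per_ip.items() if n > PER_IP_LIMIT]
    return campaigns, rate_limited

# Constructed sample log: four hosts page through one Dork, one host sends a
# single sensitive-file query, one host searches normally.
SAMPLE_LOG = [
    "198.51.100.7 /search?q=inurl%3Aexample_page.php%3Fid%3D&start=0",
    "198.51.100.23 /search?q=inurl%3Aexample_page.php%3Fid%3D&start=10",
    "192.0.2.44 /search?q=INURL%3Aexample_page.php%3Fid%3D&start=20",
    "192.0.2.81 /search?q=inurl%3Aexample_page.php%3Fid%3D&start=30",
    "203.0.113.50 /search?q=filetype%3Asql+backup",
    "203.0.113.9 /search?q=python+urlparse+tutorial&start=0",
]

if __name__ == "__main__":
    found, limited = find_campaigns(SAMPLE_LOG)
    print("campaigns:", found)
    print("flagged by per-IP limit alone:", limited)
```

On the sample log the per-IP check flags nothing, while the content-based grouping reports the paged Dork with all four source addresses.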

Botnet attacks

During May and June, Imperva observed a specific botnet attack that examined dozens of returned results using paging parameters in the query. Nearly 550,000 queries were requested during the observation period. The attacker was able to take advantage of the bandwidth available to the dozens of controlled hosts in the botnet to seek and examine vulnerable applications.

Earlier this year, researchers at Kaspersky Labs discovered an ‘indestructible’ botnet controlling more than 4.5 million computers, five percent of them in the UK, which it said presented “the most sophisticated threat today”.

Meanwhile, Microsoft announced in July that the infamous Rustock botnet had been nearly halved in size and was effectively crippled, demonstrating how tech companies can coordinate with law enforcement to take down malware-distributing botnets.

Sophie Curtis
