Hackers armed with a browser and specially crafted search queries are using botnets to generate more than 80,000 daily queries, identify potential attack targets and build an accurate picture of the resources within that server that are potentially exposed. By automating the query and result parsing, the attacker can carry out a large number of search queries, examine the returned results and get a filtered list of potentially exploitable sites in a very short time and with minimal effort. Because searches are conducted using botnets, and not the hacker’s IP address, the attacker’s identity remains concealed.
