Command and control

Central system controlling a botnet

C&C servers are central points used for the control of botnets. Bots will usually report back in some way, often via IRC or other simple messaging protocols, once a new system is infected, and will then receive commands from the central server.

Many forms of bot join dedicated chat sessions run on the C&C server, posting updates on their status and listening out for keywords which spark specific actions, such as sending out spam emails or downloading updated versions of their own code. Harvested data such as email address lists and banking details may also be posted to the C&C server, from where the botmaster can gather them and use them for further spamming and fraud.

Recently more sophisticated botnets have begun using distributed control systems, communicating information and commands peer-to-peer to avoid the vulnerable single point of failure represented by the C&C server.
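
For the centralised, IRC-based case described above, a defender can look for several internal hosts joining the same channel on the same external server. The following is an added example, not part of the original entry; the log format, addresses, nicknames, channel names and the `min_hosts` threshold are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sensor log: "<time> <client> -> <server:port> <raw IRC line>".
# Addresses are documentation ranges; nicknames and channels are made up.
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.0.21 -> 203.0.113.5:6667 NICK xk-48213
2024-01-01T10:00:02 10.0.0.21 -> 203.0.113.5:6667 JOIN #upd8
2024-01-01T10:00:03 10.0.0.21 -> 203.0.113.5:6667 PRIVMSG #upd8 :status ok
2024-01-01T10:04:10 10.0.0.37 -> 203.0.113.5:6667 NICK xk-90177
2024-01-01T10:04:11 10.0.0.37 -> 203.0.113.5:6667 JOIN #upd8
2024-01-01T10:09:45 10.0.0.52 -> 203.0.113.5:6667 JOIN #upd8
2024-01-01T10:15:00 10.0.0.8 -> 198.51.100.9:6667 NICK alice
2024-01-01T10:15:02 10.0.0.8 -> 198.51.100.9:6667 JOIN #linux-help
not an IRC record
"""

LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+) (.+)$")


def parse(log):
    """Yield (client, server, command, params) for each well-formed record."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed log format
        _, client, server, raw = m.groups()
        command, _, params = raw.partition(" ")
        yield client, server, command.upper(), params


def shared_channels(log, min_hosts=3):
    """Map (server, channel) to the clients that joined it, keeping only
    channels joined by at least min_hosts distinct internal hosts."""
    members = defaultdict(set)
    for client, server, command, params in parse(log):
        if command != "JOIN":
            continue
        # A client JOIN may list comma-separated channels, then optional keys.
        for channel in params.split(" ")[0].split(","):
            if channel.startswith(("#", "&")):
                members[(server, channel.lower())].add(client)
    return {k: sorted(v) for k, v in members.items() if len(v) >= min_hosts}


if __name__ == "__main__":
    for (server, channel), clients in shared_channels(SAMPLE_LOG).items():
        print(f"{server} {channel}: {len(clients)} internal hosts -> {clients}")
```

A hit is a lead for investigation, not proof of infection: a team that legitimately shares an IRC channel produces the same pattern, so tune `min_hosts` and allow-list known servers.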
