Command and control
Central system controlling a botnet
C&C servers are central points used for the control of botnets. Bots will usually report back in some way, often via IRC or other simple messaging protocols, once a new system is infected, and will then receive commands from the central server.
Many forms of bot join dedicated chat sessions run on the C&C server, posting updates on their status and listening out for keywords which spark specific actions, such as sending out spam emails or downloading updated versions of their own code. Harvested data such as email address lists and banking details may also be posted to the C&C server, from where the botmaster can gather them and use them for further spamming and fraud.
Recently more sophisticated botnets have begun using dstributed control systems, communicating information and commands peer-to-peer to avoid the vulnerable single-point-of-failure represented by the C&C server.
