Command and control (malware): Difference between revisions

In the field of [[computer security]], '''command and control''' (C&C) infrastructure consists of [[server (computing)|server]]s and other technical infrastructure used to control [[malware]] in general, and, in particular, [[botnet]]s.

<ref>{{cite web|url=http://www.commandfive.com/papers/C5_APT_C2InTheFifthDomain.pdf|title=Command and Control in the Fifth Domain|publisher=Command Five Pty Ltd|date=Feb 2012}}</ref> Command and control servers may be either directly controlled by the malware operators, or themselves run on hardware compromised by malware. [[Fast-flux DNS]] can be used as a way to make it difficult to track down the control servers, which may change from day to day. Control servers may also hop from DNS ___domain to DNS ___domain, with [[___domain generation algorithm]]s being used to create new DNS names for controller servers.<ref>{{cite web|url=http://www.pcworld.idg.com.au/article/417011/malware_increasingly_uses_dns_command_control_channel_avoid_detection_experts_say/|date=29 February 2012|access-date=28 March 2016|work=PC World|title=Malware increasingly uses DNS as command and control channel to avoid detection, experts say}}</ref>

*[[Advanced Persistent Threat]]

*[[Low Orbit Ion Cannon]]