Revision as of 01:09, 10 March 2015 edit Postcard Cathy (talk \| contribs) Extended confirmed users 149,419 edits added Category:Malware; removed {{uncategorized}} using HotCat ← Previous edit		Revision as of 01:54, 15 March 2015 edit undo Impsswoon (talk \| contribs) 3,659 edits servers Next edit →
Line 1: {{unreferenced\|date=February 2015}} In the field of [[computer security]], '''command and control''' (C&C) infrastructure consists of ~~servers~~[[server]]s and other technical infrastructure used to control [[malware]] in general, and, in particular, [[botnet]]s. Command and control servers may be either directly controlled by the malware operators, or themselves run on hardware compromised by malware. [[Fast-flux DNS]] can be used as a way to make it difficult to track down the control servers, which may change from day to day. Control servers may also hop from DNS ___domain to DNS ___domain, with [[___domain generation algorithm]]s being used to create new DNS names for controller servers. In some cases, computer security experts have succeeded in destroying or subverting malware command and control networks, by, among other means, seizing servers or getting them cut off from the Internet, denying access to domains that were due to be used by malware to contact its C&C infrastructure, and, in some cases, breaking into the C&C network itself. In response to this, C&C operators have resorted to using techniques such as overlaying their C&C networks on other existing benign infrastructure such as [[IRC]] or [[Tor]], using [[peer-to-peer networking]] systems that are not dependent on any fixed servers, and using [[public key encryption]] to defeat attempts to break into or spoof the network.

Command and control (malware): Difference between revisions