Command and control servers (C&C servers) are computers that issue commands to members of a botnet. Botnet members may be referred to as zombies and the botnet itself may be referred to as a zombie army.
In a traditional botnet, the bots are typically infected with a Trojan horse and use Internet Relay Chat (IRC) to communicate with a central C&C server. Botnets are often used to distribute malware and gather misappropriated information, such as credit card numbers. Depending on the purpose and structure of the botnet, the C&C server may also issue commands to begin a DDoS (distributed denial of service) attack.
Popular botnet topologies include:
- Star topology - the bots are organized around a central server.
- Multi-server topology - there are multiple C&C servers for redundancy.
- Hierarchical topology - multiple C&C servers are organized into tiered groups.
- Random topology - co-opted computers communicate as a peer-to-peer botnet (P2P botnet).
Because IRC is typically used to command botnets, defenders often guard against it, which has motivated a move toward more covert ways for C&C servers to issue commands. Alternative channels used for botnet command include JPG images, Microsoft Word files and posts from LinkedIn or Twitter dummy accounts.
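Because IRC is the traditional channel and a star topology concentrates bots on one server, one defensive check is to look for many internal hosts completing an IRC registration with the same external address, whatever port is used. The following is an added example, not part of the original page; the flow records, addresses and the `min_clients` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records: (src, dst, dst_port, first payload bytes). Not real traffic.
SAMPLE_FLOWS = [
    ("10.0.0.11", "203.0.113.5", 6667, b"NICK bot-a1\r\nUSER a a a :a\r\nJOIN #chan\r\n"),
    ("10.0.0.12", "203.0.113.5", 6667, b"NICK bot-b2\r\nUSER b b b :b\r\nJOIN #chan\r\n"),
    ("10.0.0.13", "203.0.113.5", 8080, b"NICK bot-c3\r\nUSER c c c :c\r\nJOIN #chan\r\n"),
    ("10.0.0.14", "198.51.100.7", 443, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),
    ("10.0.0.15", "198.51.100.9", 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("10.0.0.16", "192.0.2.44", 6667, b"NICK alice\r\nUSER alice 0 * :Alice\r\n"),
]

# IRC client commands appear at the start of a CRLF-terminated line.
IRC_LINE = re.compile(rb"^(NICK|USER|JOIN|PRIVMSG|PASS) \S", re.MULTILINE)

def irc_commands(payload):
    """Return the set of IRC commands seen at line starts in a payload."""
    return {m.group(1).decode() for m in IRC_LINE.finditer(payload)}

def looks_like_irc(payload):
    """Treat a flow as IRC if it carries both NICK and USER, regardless of port."""
    return {"NICK", "USER"} <= irc_commands(payload)

def find_irc_hubs(flows, min_clients=3):
    """Group IRC-like flows by destination; report servers with many internal clients."""
    clients = defaultdict(set)
    for src, dst, _port, payload in flows:
        if looks_like_irc(payload):
            clients[dst].add(src)
    return {dst: sorted(srcs) for dst, srcs in clients.items() if len(srcs) >= min_clients}

if __name__ == "__main__":
    for dst, srcs in find_irc_hubs(SAMPLE_FLOWS).items():
        print(f"possible star-topology C&C hub {dst}: {len(srcs)} internal IRC clients {srcs}")
```

This check only sees plaintext IRC; the alternative channels listed above do not carry IRC commands and need different detection.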