Browse Definitions :

BACKGROUND IMAGE: iSTOCK/GETTY IMAGES

This content is part of the Essential Guide: Recovering from ransomware: Defend your data with best practices
Definition

command-and-control server (C&C server)

Contributor(s): Matthew Haughn

A command and control server (C&C server) is a computer that issues directives to digital devices that have been infected with rootkits or other types of malware, such as ransomware. C&C servers can be used to create powerful networks of infected devices capable of carrying out distributed denial-of-service (DDoS) attacks, stealing data, deleting data or encrypting data in order to carry out an extortion scheme. In the past, a C&C server was often under an attacker's physical control and could remain active for several years. Today, C&C servers generally have a short shelf life; they often reside in legitimate cloud services and use automated domain generation algorithms (DGAs) to make it more difficult for law enforcement and white hat malware hunters to locate them. 

A malicious network under a C&C server's control is called a botnet and the network nodes that belong to the botnet are sometimes referred to as zombies. In a traditional botnet, the bots are infected with a Trojan horse and use Internet Relay Chat (IRC) to communicate with a central C&C server. These botnets were often used to distribute spam or malware and gather misappropriated information, such as credit card numbers. 

Popular botnet topologies include:

  • Star topology - the bots are organized around a central server.
  • Multi-server topology - there are multiple C&C servers for redundancy.
  • Hierarchical topology - multiple C&C servers are organized into tiered groups.
  • Random topology - coopted computers communicate as a peer-to-peer botnet (P2P botnet).

Since IRC communication was typically used to command botnets, it is often guarded against. This has motivated the drive for more covert ways for C&C servers to issue commands. Alternative channels used for botnet command include JPG images, Microsoft Word files and posts from LinkedIn or Twitter dummy accounts.

Learn more about botnet command and control in this video:

This was last updated in January 2017

Continue Reading About command-and-control server (C&C server)

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCompliance

  • compliance audit

    A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines.

  • regulatory compliance

    Regulatory compliance is an organization's adherence to laws, regulations, guidelines and specifications relevant to its business...

  • Whistleblower Protection Act

    The Whistleblower Protection Act of 1989 is a law that protects federal government employees in the United States from ...

SearchSecurity

  • orphan account

    An orphan account, also referred to as an orphaned account, is a user account that can provide access to corporate systems, ...

  • voice squatting (skill squatting)

    Voice squatting is an attack vector for voice user interfaces (VUIs) that exploits homonyms (words that sound the same but are ...

  • WPA3

    WPA3, also known as Wi-Fi Protected Access 3, is the third version of the security certification program developed by the Wi-Fi ...

SearchHealthIT

SearchDisasterRecovery

  • business continuity policy

    Business continuity policy is the set of standards and guidelines an organization enforces to ensure resilience and proper risk ...

  • business continuity and disaster recovery (BCDR)

    Business continuity and disaster recovery (BCDR) are closely related practices that describe an organization's preparation for ...

  • warm site

    A warm site is a type of facility an organization uses to recover its technology infrastructure when its primary data center goes...

SearchStorage

  • cache memory

    Cache memory, also called CPU memory, is high-speed static random access memory (SRAM) that a computer microprocessor can access ...

  • enterprise storage

    Enterprise storage is a centralized repository for business information that provides common data management, protection and data...

  • disk array

    A disk array, also called a storage array, is a data storage system used for block-based storage, file-based storage or object ...

Close