|
|
|
command-and-control server
(C&C server)
|
from whatis.com
A command-and-control
server (C&C server) is a computer that issues directives to
digital devices that have been infected with rootkits or other types of
malware, such as ransomware. C&C servers can be used to create powerful
networks of infected devices capable of carrying out distributed
denial-of-service (DDoS) attacks, stealing data, deleting data or encrypting
data in order to carry out an extortion scheme. In the past, a C&C server
was often under an attacker's physical control and could remain active for
several years. Today, C&C servers generally have a short shelf life; they
often reside in legitimate cloud services and use automated domain generation
algorithms (DGAs) to make it more difficult for law enforcement and white hat
malware hunters to locate them.
A
malicious network under a C&C server's control is called a botnet and the
network nodes that belong to the botnet are sometimes referred to as zombies.
In a traditional botnet, the bots are infected with a Trojan horse and use
Internet Relay Chat (IRC) to communicate with a central C&C server. These
botnets were often used to distribute spam or malware and gather
misappropriated information, such as credit card numbers.
Popular
botnet topologies include:
- Star topology - the bots are organized around a
central server.
- Multi-server topology - there are multiple C&C
servers for redundancy.
- Hierarchical topology - multiple C&C servers are
organized into tiered groups.
- Random topology - co-opted computers communicate as a
peer-to-peer botnet (P2P botnet).
Since IRC
communication was typically used to command botnets, it is often guarded
against. This has motivated the drive for more covert ways for C&C
servers to issue commands. Alternative channels used for botnet command
include JPG images, Microsoft Word files and posts from LinkedIn or Twitter
dummy accounts.
|
|
No comments:
Post a Comment