Thursday, February 7, 2019

Word of the Day: command-and-control server (C&C server)

Word of the Day WhatIs.com
Daily updates on the latest technology terms | February 7, 2019

A command-and-control server (C&C server) is a computer that issues directives to digital devices that have been infected with rootkits or other types of malware, such as ransomware. C&C servers can be used to create powerful networks of infected devices capable of carrying out distributed denial-of-service (DDoS) attacks, stealing data, deleting data or encrypting data in order to carry out an extortion scheme. In the past, a C&C server was often under an attacker's physical control and could remain active for several years. Today, C&C servers generally have a short shelf life; they often reside in legitimate cloud services and use automated domain generation algorithms (DGAs) to make it more difficult for law enforcement and white hat malware hunters to locate them.

A malicious network under a C&C server's control is called a botnet, and the network nodes that belong to the botnet are sometimes referred to as zombies. In a traditional botnet, the bots are infected with a Trojan horse and use Internet Relay Chat (IRC) to communicate with a central C&C server. These botnets were often used to distribute spam or malware and to gather misappropriated information, such as credit card numbers.

Popular botnet topologies include:

  • Star topology - the bots are organized around a central server.
  • Multi-server topology - there are multiple C&C servers for redundancy.
  • Hierarchical topology - multiple C&C servers are organized into tiered groups.
  • Random topology - co-opted computers communicate as a peer-to-peer botnet (P2P botnet).

Because IRC was typically used to command botnets, IRC traffic is now often guarded against. This has motivated the drive for more covert ways for C&C servers to issue commands. Alternative channels used for botnet command include JPG images, Microsoft Word files and posts from LinkedIn or Twitter dummy accounts.
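From the defender's side, the DGA behavior mentioned above tends to show up in resolver logs as one client failing to resolve many different random-looking names. The following is an added example, not part of the original newsletter; the log format, the addresses, the `.example` names and the thresholds are all constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log lines: "<time> <client> <qname> <rcode>".
# All names use the reserved .example TLD; none are real indicators.
SAMPLE_LOG = """\
09:00:01 10.0.0.5 intranet.example NOERROR
09:00:02 10.0.0.7 xkqvjzpwhgtd.example NXDOMAIN
09:00:03 10.0.0.7 qzmwxnvbkjhr.example NXDOMAIN
09:00:04 10.0.0.5 intranett.example NXDOMAIN
09:00:05 10.0.0.7 plkjhgfdszxq.example NXDOMAIN
09:00:06 10.0.0.7 xkqvjzpwhgtd.example NXDOMAIN
09:00:07 10.0.0.9 wvutsrqpnmlk.example NXDOMAIN
09:00:08 10.0.0.9 hgfdsapoiuyt.example NXDOMAIN
09:00:09 10.0.0.9 mail.corp.example NOERROR
09:00:10 10.0.0.7 bcdfghjklmnp.example NOERROR
"""

def shannon_entropy(label):
    """Bits per character of a DNS label (0 for an empty label)."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def dga_suspects(log_text, min_names=3, min_entropy=3.0):
    """Map client -> distinct failed, high-entropy names, if >= min_names."""
    per_client = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _, client, qname, rcode = parts
        labels = qname.lower().rstrip(".").split(".")
        # Assumption: the label left of the TLD is the generated part.
        if rcode != "NXDOMAIN" or len(labels) < 2:
            continue
        if shannon_entropy(labels[-2]) >= min_entropy:
            per_client[client].add(qname.lower())
    # Repeated lookups of one name count once; typos rarely reach the bar.
    return {c: sorted(n) for c, n in per_client.items() if len(n) >= min_names}

if __name__ == "__main__":
    print(dga_suspects(SAMPLE_LOG))
```

Character entropy alone misses DGAs that build names from dictionary words, so a check like this is one signal to combine with others rather than a verdict.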

Quote of the Day

 
"To protect their malicious operations, hackers are constantly looking for techniques to try and obfuscate their C&C infrastructure and to avoid takedowns by making forensic analysis, detection and attribution a lot harder." - Michael Cobb

Learning Center

 

How to protect backups from ransomware infiltration
One of the top goals of an IT admin is to protect backups from ransomware. But sneaky advanced persistent threats can slowly infiltrate a network, poking holes in an organization's data protection setup. Get details on how ransomware gets into backups and how attacks are able to detonate later.

How to defend against malicious IP addresses in the cloud
In lieu of blocking a series of malicious IP addresses, what can enterprises do to protect themselves from attacks that use those IPs? Expert Rob Shapland outlines some options for organizations.

Recovering from ransomware: Defend your data with best practices
Ransomware is one of the major disasters snatching headlines lately, and it's no wonder why. Attacks are happening across industries, and recovering from ransomware is a complex and costly process. In this guide, we go over the ransomware threat and what the recovery process should entail.

How are hackers using Twitter as C&C servers for malware?
Hackers are using Twitter instead of C&C servers to spread their malicious Twitoor Android Trojan. Find out how the attack works and how to prevent it.

Command-and-control servers: The puppet masters that govern malware
Are there shadow networks within your enterprise? Stop malware by shutting down communication channels with command-and-control servers.

Quiz Yourself

 
A botnet is a group of computers organized to distribute spam or malware -- _________ the owners are typically unaware of the fact.
a. though
b. although
c. even though


Stay in Touch

 
For feedback about any of our definitions or to suggest a new definition, please contact me at: mrouse@techtarget.com

This e-newsletter is published by the TechTarget network.