Anatomy of a Botnet

Command and control are essential to keeping a botnet operational, but at the same time they are the weakest link of the system.

Once communication is interrupted, the computer is out of the botnet's reach. Many times, something goes wrong with an important computer that is part of the botnet, and the botmaster risks losing the entire structure because of a single station. That is why botmasters have intensely researched different network architectures that keep their network under control even when a significant part of it has been taken offline.

Image 1: a centralized Command and Control architecture. Each compromised machine reports to a C&C server that is controlled by the botmaster. Once a C&C server is shut down, its bots are lost forever
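To make the takedown argument concrete, here is an added example that is not code from the article or from Bitdefender: a bot counts as controllable only while a path of edges leads from the botmaster node to it, so counting reachable bots after removing nodes measures how much of the botnet a takedown isolates. The star topology of Image 1 and the peer overlay are constructed; node names, the chord offsets and the entry bots are assumptions.

```python
from collections import deque

def controllable_bots(graph, offline=frozenset()):
    """Count bots still reachable from the node 'master' once the nodes
    in `offline` are taken down (commands flow along directed edges)."""
    seen, queue = {"master"}, deque(["master"])
    while queue:
        for nxt in graph.get(queue.popleft(), ()):
            if nxt not in offline and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return sum(1 for n in seen if n.startswith("bot"))

def centralized_botnet(n_bots, n_servers=1):
    """Constructed star topology of Image 1: master -> C&C server(s) -> bots."""
    g = {"master": {f"cc{i}" for i in range(n_servers)}}
    for i in range(n_servers):
        g[f"cc{i}"] = set()
    for b in range(n_bots):
        g[f"cc{b % n_servers}"].add(f"bot{b}")   # bots are leaves
    return g

def peer_to_peer_botnet(n_bots, entry_bots=2, chords=(1, 2, 5)):
    """Constructed peer overlay (assumed layout): each bot links symmetrically
    to the bots `chords` positions away; the master injects commands through
    a few entry bots instead of a dedicated server."""
    g = {"master": {f"bot{i}" for i in range(entry_bots)}}
    for b in range(n_bots):
        g[f"bot{b}"] = set()
    for b in range(n_bots):
        for step in chords:
            peer = (b + step) % n_bots
            g[f"bot{b}"].add(f"bot{peer}")
            g[f"bot{peer}"].add(f"bot{b}")
    return g

def takedown_report(graph, offline):
    """Fraction of the botnet cut off from its master by taking `offline` down."""
    total = controllable_bots(graph)
    return 1 - controllable_bots(graph, set(offline)) / total

if __name__ == "__main__":
    star = centralized_botnet(100)
    print("centralized, C&C server down:", takedown_report(star, {"cc0"}))
    p2p = peer_to_peer_botnet(100)
    print("peer overlay, 3 bots down:",
          takedown_report(p2p, {"bot0", "bot10", "bot50"}))
```

Taking the single C&C server offline cuts off every bot of the star, while removing three bots (one of them an entry bot) from the peer overlay only isolates those three, which is the resilience the paragraph above describes.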

Attackers can control their botnets in a centralized manner, using peer-to

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beaten with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.