Updated on 2022-09-01 GMT+08:00

Command and Control

Overview

A Domain Generation Algorithm (DGA) is an algorithm that generates command and control (C&C) domain names from random characters. Attackers commonly use it to evade domain name blacklist detection: they register some of the generated malicious domain names and point them at C&C servers. When a victim runs a malicious program, the host connects to the C&C server through one of these malicious domain names, after which the attacker can remotely control the host.
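As an added example, not code from the original page or from SA itself, the following Python script shows the kind of check that underlies DGA detection: it scores the registrant-chosen label of each queried domain on character entropy, vowel ratio and longest consonant run, then reports per host which queries look DGA-generated. The DNS log lines, the log format, the indicator thresholds and the two-indicator flagging rule are constructed assumptions; a production detector would also consult the Public Suffix List and track NXDOMAIN rates per host.

```python
import math
import re
from collections import Counter

# Constructed sample DNS query log lines (assumed format, not from the page):
# <timestamp> <host> query <record-type> <queried-name>
SAMPLE_DNS_LOG = """\
2022-09-01T10:00:01Z ecs-01 query A www.example.com
2022-09-01T10:00:02Z ecs-01 query A cdn.images.example.org
2022-09-01T10:00:03Z ecs-02 query A xq7tkf2zwbnpl9vd.com
2022-09-01T10:00:04Z ecs-02 query A hj4pz8qwmtr3lkxv.net
2022-09-01T10:00:05Z ecs-03 query A mail.google.com
2022-09-01T10:00:06Z ecs-02 query A zzlkq9vw2rtmpx5b.info
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+query\s+\S+\s+(?P<name>\S+)$")
VOWELS = set("aeiou")

# Assumed thresholds; tune against your own benign baseline.
ENTROPY_THRESHOLD = 3.5        # bits per character
VOWEL_RATIO_THRESHOLD = 0.25   # natural-language labels usually exceed this
CONSONANT_RUN_THRESHOLD = 4    # runs of 4+ consonants are rare in real words
FLAG_AT = 2                    # flag a name when >= 2 indicators fire


def registrable_label(fqdn):
    """Return the second-level label, e.g. 'example' for 'cdn.images.example.org'.
    Assumes a single-label public suffix; real code should use the Public Suffix List."""
    labels = fqdn.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def shannon_entropy(text):
    """Shannon entropy in bits per character of the given string."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def dga_indicators(label):
    """Return the names of the heuristic indicators that fire for a label.
    Short labels are ignored because the statistics are meaningless for them."""
    if len(label) < 6:
        return []
    fired = []
    if shannon_entropy(label) >= ENTROPY_THRESHOLD:
        fired.append("high_entropy")
    if sum(ch in VOWELS for ch in label) / len(label) < VOWEL_RATIO_THRESHOLD:
        fired.append("few_vowels")
    runs = re.findall(r"[^aeiou\d]+", label) or [""]
    if max(len(run) for run in runs) >= CONSONANT_RUN_THRESHOLD:
        fired.append("long_consonant_run")
    return fired


def flag_dga_queries(log_text):
    """Parse the log and return {host: [queried names that look DGA-generated]}."""
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash the detector
        name = m.group("name")
        if len(dga_indicators(registrable_label(name))) >= FLAG_AT:
            flagged.setdefault(m.group("host"), []).append(name)
    return flagged


if __name__ == "__main__":
    for host, names in flag_dga_queries(SAMPLE_DNS_LOG).items():
        print(f"{host}: {len(names)} DGA-like queries -> {', '.join(names)}")
```

Running it on the constructed log reports only ecs-02, the host that queried the three random-looking names; a single hit is weak evidence, so a real alert should rather be raised on a burst of such queries (and NXDOMAIN answers) from one host within a short window.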

SA can detect three types of C&C attack threats. The professional edition detects all three; the basic and standard editions do not support C&C attack detection.

Suggestion

When a C&C threat is detected, the ECS instance may have accessed a DGA domain name, accessed a remote C&C server, or established a channel to a C&C server. Such access or connection behavior by malicious software indicates that the ECS instance may be remotely controlled by the C&C server and may have become a member of a botnet. The severity of this type of threat is High. You are therefore advised to perform the following operations:

  1. Scan for and remove viruses and Trojan horses on the ECS instance. If the scan or removal fails, disable the instance.
  2. Check whether other hosts on the subnet where the instance resides have been intruded.
  3. Purchase HSS.