A botnet is a large collection of compromised computers controlled by a command structure. That structure includes a master computer operated by an individual or group of individuals commonly known as a bot-master or a bot-herder, and may also include additional computers, commonly known as command and control servers, for disseminating instructions from the bot-master. The compromised computers in the botnet, commonly known as drones or zombies, are used by the botnet command structure to stage various malicious and/or illegal activities including, for example, sending spam, launching denial-of-service attacks, scanning networks for vulnerabilities, stealing information, propagating computer viruses, and the like.
To receive updated or current instructions from the bot-master, compromised drones typically contact the command and control servers. The traffic associated with such communication is low in volume and can be difficult to distinguish from normal, legitimate traffic emanating from the compromised computer.