A botnet is a number of computing devices coupled within a network and communicating with other computing devices in an effort to complete repetitive tasks and objectives. For example, a botnet can be used to keep control of an Internet Relay Chat (IRC) channel, to send spam email, or to participate in distributed denial-of-service attacks. Generally, botnets are considered malicious and a threat to a network, and need to be detected and neutralized. A command and control server is a centralized computing device that is able to send commands to, and receive responses from, the other computing devices that are part of the botnet.
Many botnets use a Domain Generation Algorithm (DGA) to identify the hostname of their command and control (C&C) servers. DGAs are algorithms used to periodically generate a large number of domain names that can be used as domains for the command and control servers of a botnet (or, more generally, of malware). The large number of potential command and control servers makes it difficult for law enforcement to effectively shut down botnets, since infected computers will attempt to contact some of these domain names every day to receive updates or commands. DGAs are generally deterministic, time-based algorithms that are custom to each malware family.
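Because a DGA is deterministic and time-based, a defender who has recovered a family's generator can regenerate the same candidate list for a given date and match it against DNS logs. The following is an added example, not part of the original text; the `candidate_domains` generator, the seed, the `.example` TLD and the log lines are constructed stand-ins and do not reproduce any real malware family's algorithm.

```python
import hashlib
from datetime import date, timedelta

SEED = b"constructed-seed"      # assumption: value recovered by reversing a sample
DAY = date(2024, 5, 1)          # constructed analysis date

def candidate_domains(seed, day, count=20, tld=".example"):
    """Constructed stand-in for a recovered generator: same seed + date -> same list."""
    out = []
    for i in range(count):
        digest = hashlib.sha256(seed + day.isoformat().encode() + i.to_bytes(2, "big")).digest()
        out.append("".join(chr(ord("a") + b % 26) for b in digest[:12]) + tld)
    return out

def flag_queries(log_lines, seed, day, skew_days=1):
    """Match DNS queries against candidates for day +/- skew_days (host clocks may be off)."""
    lookup = {}
    for offset in range(-skew_days, skew_days + 1):
        d = day + timedelta(days=offset)
        for name in candidate_domains(seed, d):
            lookup[name] = d
    hits = []
    for line in log_lines:
        _ts, client, qname = line.split()
        qname = qname.rstrip(".").lower()   # normalise trailing dot and case
        if qname in lookup:
            hits.append((client, qname, lookup[qname]))
    return hits

# Constructed resolver log: "<timestamp> <client> <qname>"
SAMPLE_LOG = [
    "2024-05-01T09:14:02Z 192.0.2.10 %s." % candidate_domains(SEED, DAY)[3],
    "2024-05-01T09:14:05Z 192.0.2.20 www.example.org.",
    "2024-05-01T23:58:40Z 192.0.2.30 %s" % candidate_domains(SEED, DAY + timedelta(days=1))[0].upper(),
]

if __name__ == "__main__":
    for client, qname, gen_day in flag_queries(SAMPLE_LOG, SEED, DAY):
        print(f"{client} queried {qname} (candidate for {gen_day})")
```

The same precomputed list can feed a blocklist or sinkhole ahead of the date on which the domains become active.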