C&C communication is generally associated with large botnets, but it is also a significant component of targeted attacks. Targeted attacks are often remotely orchestrated through C&C communication between the compromised hosts and the attackers. Malware calls back to C&C servers for additional downloads or instructions, and attackers can use it to access the compromised hosts.
C&C-related traffic in targeted attacks is often difficult to locate. Attackers change and redirect addresses, use legitimate sites, and even set up C&C servers inside a company's network. Moreover, most security technologies focus solely on detecting and blocking addresses that are known to be malicious at that point in time. This is problematic because reputation scores constantly change. Addresses that are considered safe today can easily become malicious within the next hour or day.
In response to these issues, Retro Scan integrates the Trend Micro Smart Protection Network to discover threats. This cloud-based protection system combines advanced threat research with intelligence from customers to provide better protection and minimize the impact of targeted attacks.
Retro Scan examines historical web access logs to help you discover suspicious connections regardless of when the address is identified as malicious.
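
The retrospective matching described above, sketched as an added example (not Trend Micro's code or Retro Scan's implementation): every historical log entry is checked against a current reputation snapshot, and requests made before the address was rated malicious are counted separately. The log layout, hosts, clients and dates are constructed sample data.

```python
import csv
import io
from datetime import datetime

# Constructed sample web access log: timestamp, internal client, destination host.
ACCESS_LOG = """\
2024-03-01T09:14:02,10.0.4.17,updates.example.net
2024-03-01T09:15:40,10.0.4.22,intranet.example.com
2024-03-03T22:01:11,10.0.4.17,updates.example.net
2024-03-09T08:30:00,10.0.7.5,cdn.example.org
2024-03-12T13:45:19,10.0.4.17,UPDATES.example.net.
"""

# Constructed reputation snapshot taken today: host -> when it was first rated malicious.
REPUTATION = {
    "updates.example.net": datetime(2024, 3, 10),
    "cdn.example.org": datetime(2024, 3, 5),
}


def normalize(host):
    """Fold case and drop the trailing root dot so log and feed entries compare equal."""
    return host.strip().rstrip(".").lower()


def retro_scan(log_text, reputation):
    """Match every historical request against the current reputation snapshot."""
    findings = {}
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 3:
            continue  # skip blank or malformed lines
        seen = datetime.fromisoformat(row[0])
        client, host = row[1], normalize(row[2])
        flagged_at = reputation.get(host)
        if flagged_at is None:
            continue
        f = findings.setdefault((client, host), {
            "first_seen": seen, "last_seen": seen, "hits": 0, "before_flag": 0})
        f["first_seen"] = min(f["first_seen"], seen)
        f["last_seen"] = max(f["last_seen"], seen)
        f["hits"] += 1
        # Requests made before the rating changed matched no known-bad entry at the time.
        f["before_flag"] += seen < flagged_at
    return findings


if __name__ == "__main__":
    for (client, host), f in sorted(retro_scan(ACCESS_LOG, REPUTATION).items()):
        print(client, host, f["first_seen"], f["last_seen"], f["hits"], f["before_flag"])
```

A non-zero `before_flag` count marks a host whose earliest callbacks predate the reputation change, which is the case a point-in-time blocklist check cannot surface.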