Editing Botnet (section)

===Control protocols===
IRC is a historically favored means of C&C because of its [[List of Internet Relay Chat commands|communication protocol]]. A bot herder creates an IRC channel for infected clients to join. Messages sent to the channel are broadcast to all channel members. The bot herder may set the channel's topic to command the botnet. For example, the message <code>:herder!herder@example.com TOPIC #channel DDoS www.victim.com</code> from the bot herder alerts all infected clients belonging to #channel to begin a DDoS attack on the website www.victim.com. An example response <code>:bot1!bot1@compromised.net PRIVMSG #channel I am DDoSing www.victim.com</code> by a bot client alerts the bot herder that it has begun the attack.<ref name=":0" />

Some botnets implement custom versions of well-known protocols. The implementation differences can be used for detection of botnets. For example, [[Mega-D]] features a slightly modified [[Simple Mail Transfer Protocol]] (SMTP) implementation for testing spam capability. Bringing down the [[Mega-D]]'s SMTP server disables the entire pool of bots that rely upon the same SMTP server.<ref>C.Y. Cho, D. Babic, R. Shin, and D. Song. {{usurped|1=[https://web.archive.org/web/20160924031813/http://www.domagoj-babic.com/index.php/Pubs/CCS10botnets Inference and Analysis of Formal Models of Botnet Command and Control Protocols]}}, 2010 ACM Conference on Computer and Communications Security.</ref>