Malware Domain Generating Algorithms are becoming more sophisticated

JMH

Malware cut off from its C&C servers is effectively useless to its masters, so they are continually trying to find new ways of maintaining that connection at all times.

Hardcoding the C&C servers' URL into the malware is one (poor) solution. Peer-to-peer communication is another one. Hiding the C&C servers in the Tor anonymity network is the latest one.

Changing C&C domains every few hours and using an algorithm to allow the malware to discover these domains at specific times is also still very popular. Through the years, botnet masters have continued to make the Domain Generating Algorithms more complex, i.e. more difficult to prevent and detect.

"A prime example of the evolution of Domain Generating Algorithms can be seen in a recently discovered new variant of the Matsnu trojan," Seculert researchers noted.
Malware Domain Generating Algorithms are becoming more sophisticated
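An added example, not part of the original post or the quoted article: a defender-side check for the domain-cycling behaviour described above, run over resolver logs. It assumes (the post does not state this) that most generated names are unregistered at any moment, so an infected host produces a burst of distinct NXDOMAIN answers; the log layout, thresholds, addresses and names are all constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 300   # assumed look-back window
MIN_DISTINCT_NX = 5    # assumed threshold of distinct failing names per window

# Constructed resolver log in time order: "epoch client qname rcode" (assumed layout).
SAMPLE_LOG = """\
1000 10.0.0.5 www.example.com NOERROR
1010 10.0.0.7 qzkvhtwplm.example NXDOMAIN
1015 10.0.0.7 hbrxnqoeyd.example NXDOMAIN
1020 10.0.0.5 pritner.example NXDOMAIN
1021 10.0.0.7 wmcjtzkfua.example NXDOMAIN
1030 10.0.0.5 pritner.example NXDOMAIN
1033 10.0.0.7 ldyvgsnqpe.example NXDOMAIN
1040 10.0.0.5 pritner.example NXDOMAIN
1041 10.0.0.7 tfkoxrbmzi.example NXDOMAIN
1050 10.0.0.5 pritner.example NXDOMAIN
1055 10.0.0.5 pritner.example NXDOMAIN
garbage line
2000 10.0.0.9 aaa.example NXDOMAIN
2400 10.0.0.9 bbb.example NXDOMAIN
2800 10.0.0.9 ccc.example NXDOMAIN
3200 10.0.0.9 ddd.example NXDOMAIN
3600 10.0.0.9 eee.example NXDOMAIN
"""

def find_dga_suspects(log_text, window=WINDOW_SECONDS, min_distinct=MIN_DISTINCT_NX):
    """Return {client: sorted failing names} for clients whose distinct
    NXDOMAIN names inside one sliding window reach min_distinct."""
    recent = defaultdict(deque)   # client -> (timestamp, qname) of recent NXDOMAINs
    suspects = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue              # skip malformed records instead of failing
        ts, client, rcode = int(parts[0]), parts[1], parts[3]
        qname = parts[2].lower().rstrip(".")
        if rcode != "NXDOMAIN":
            continue
        events = recent[client]
        events.append((ts, qname))
        while events[0][0] < ts - window:
            events.popleft()      # drop failures older than the window
        # Count distinct names so one repeatedly mistyped host does not trigger.
        distinct = {name for _, name in events}
        if len(distinct) >= min_distinct and len(distinct) > len(suspects.get(client, [])):
            suspects[client] = sorted(distinct)
    return suspects
```

On the constructed log only 10.0.0.7 is reported: 10.0.0.5 repeats a single failing name and 10.0.0.9 spreads its failures beyond the window.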
 
