A botnet is a collection of infected systems that are controlled by an attacker. Typically systems are joined automatically, by abusing common weaknesses (vulnerabilities) in software.

When the attacker manages to break into a system, a little program is activated to join the botnet. From that moment, this new system is considered to be a 'zombie'. The attacker can remotely give all zombies a particular task to complete. Such task might be sending spam emails, attacking other targets, or overwhelm websites with dummy requests.

Command and Control Center

The command and control center (C&C or C2), is the interface that instructs zombies within a botnet to perform specific tasks. Such tasks can include sending out spam, perform Distributed Denial of Service attacks (DDoS), or send other types of requests.

The C&C interface may be centralized or distributed. In the latter, this is done to make it more robust against intelligence firms and their task to disable the C&C systems.