Command and control channels are an often unappreciated bit of art. Yes art. Most folks don’t pay that much attention to them, professionally or personally. But as a person that spends most of my day finding and picking them apart I can tell you there are some very interesting things going on behind your favorite malware or fake AV warning on the desktop. So let’s explore some of the recent stuff and reminisce about the past, from an IDS point of view. Not thinking like an antivirus engineer looking at registry keys, APIs and system calls. I can’t imagine the difficulties in that life.