• A Trojan’s Update Point, also known as a Command & Control Point or C&C Server, is a URL accessed by a bot in order to receive commands or configuration files. Bots are usually instructed to check for new commands or configuration files at a predefined frequency set by the Trojan author. For example, while some bots check for new instructions every 15 minutes, some check for new instructions every 24 hours. (As part of its mitigation procedure, RSA shuts down Trojans’ update points to prevent bots from receiving new, updated instructions that could, for example, command the bot to send compromised credentials to a new drop point.)