For the past week or two we've received Network Attack Alerts relating to Botnet.CnC.Generic detections across all our (Australian-based) clients.
According to VirusRadar (https://www.virusradar.com/en/home/world) this is currently the most common threat detection, yet I've been able to find no information about it. The detections are on inbound traffic from a small number of IP addresses. We're seeing them mostly on port 443 (as that is one of the few ports they have open), but we have seen it on port 2222 (ESET ERA) also.
It's not clear whether ESET File Security is taking any action to block these threats.
These are some of the source IP addresses we're seeing:
My understanding is that CnC threat traffic is generally triggered from the infected machine, so it would be outbound rather than inbound, so I am somewhat confused by these notifications.
Can anyone shed any light on how ESET detects a "Botnet.CnC.Generic" threat so I can determine whether this is something we need to respond to? (E.g. is it just based on the source IP address?)
Also, is anyone aware of CnC servers that would be spraying out traffic to web hosts?