Attackers launch malware that automatically alters itself to avoid detection, and they constantly create new domains where their command-and-control servers can hide, but researchers have come up with security software that detects the presence of attack code even if it has morphed and tracks down domains that infected client machines report to. A platform called ExecScent can detect C&C traffic and ID the malware family involved or even the specific criminal group behind it, a team of researchers will tell Usenix Security 2013 this week.