Accuvant labs, a global information security services and solutions provider, has published a deep dive into the anatomy of a targeted attack. They deal with targeted attacks on regular basis, and in this post they share some interesting findings of a real incident where the initial command and control mechanism was captured in action. In their investigations they traced a piece of malware that was querying a website that was acting as a Command and Control (C&C) server. They were able to mirror the entire site and reverse engineer the control mechanisms within the malware.
Read the full explanation here - http://blog.accuvantlabs.com/blog/dgrif/anatomy-targeted-attack