PrepAway - Latest Free Exam Questions & Answers

Which of the following malware types is MOST likely to execute its payload after Jane, an employee, has left the company?

A. Rootkit
B. Logic bomb
C. Worm
D. Botnet

Explanation:
This is an example of a logic bomb. The logic bomb is configured to ‘go off’ when Jane has left the company.
A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a
programmer may hide a piece of code that starts deleting files should they ever be terminated from the company. Software that is inherently malicious, such as
viruses and worms, often contains logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. This technique can be
used by a virus or worm to gain momentum and spread before being noticed. Some viruses attack their host systems on specific dates, such as Friday the 13th or
April Fool’s Day. Trojans that activate on certain dates are often called “time bombs”. To be considered a logic bomb, the payload should be unwanted and
unknown to the user of the software. As an example, trial programs with code that disables certain functionality after a set time are not normally regarded as logic
bombs.
Incorrect Answers:
A: A rootkit is a collection of tools (programs) that enable administrator-level access to a computer or computer network. Typically, a cracker installs a rootkit on a
computer after first obtaining user-level access, either by exploiting a known vulnerability or cracking a password. Once the rootkit is installed, it allows the attacker
to mask intrusion and gain root or privileged access to the computer and, possibly, other machines on the network. A rootkit may consist of spyware and other
programs that: monitor traffic and keystrokes; create a “backdoor” into the system for the hacker’s use; alter log files; attack other machines on the network; and
alter existing system tools to escape detection. A rootkit is not what is described in this question. Therefore, this answer is incorrect.
C: A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to
spread itself, relying on security failures on the target computer to access it. Unlike a computer virus, it does not need to attach itself to an existing program. Worms
almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted
computer. A worm is not what is described in this question. Therefore, this answer is incorrect.
D: A botnet is a collection of Internet-connected programs communicating with other similar programs in order to perform tasks. This can be as mundane as
keeping control of an Internet Relay Chat (IRC) channel, or it could be used to send spam email or participate in distributed denial-of-service attacks. The word
botnet is a combination of the words robot and network. The term is usually used with a negative or malicious connotation. Computers can be co-opted into a
botnet when they execute malicious software. This can be accomplished by luring users into making a drive-by download, exploiting web browser vulnerabilities, or
by tricking the user into running a Trojan horse program, which may come from an email attachment. This malware will typically install modules that allow the
computer to be commanded and controlled by the botnet’s operator. Many computer users are unaware that their computer is infected with bots. Depending on how
it is written, a Trojan may then delete itself, or may remain present to update and maintain the modules. A botnet is not what is described in the question.
Therefore, this answer is incorrect.


