PrepAway - Latest Free Exam Questions & Answers

3 Comments on “which of the following?

  1. rsm says:

    This could be a Trojan on port 3390 or a worm on port 445 (Conficker worm)? But I suppose Trojan is the “MOST likely” answer because it is listening for command and control.




  2. meac says:

    First, for a few definitions:

    A. Trojan – Trojan or Trojan horse is the name given to a computer virus. It is a type of computer software that is camouflaged in the form of regular software such as utilities, games and sometimes even antivirus programs. Once it runs on the computer, it causes problems like killing background system processes, deleting hard drive data and corrupting file allocation systems.

    B. Worm – A computer worm is self-replicating malware that duplicates itself to spread to uninfected computers. Worms often use parts of an operating system that are automatic and invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks.

    C. Logic bomb – A logic bomb is a piece of code inserted into an operating system or software application that implements a malicious function after a certain amount of time, or when specific conditions are met. Logic bombs are often used with viruses, worms, and trojan horses to time them to do maximum damage before being noticed.

    D. Spyware – As its name suggests, however, spyware is generally loosely defined as software that’s designed to gather data from a computer or other device and forward it to a third party without the consent or knowledge of the user.

    This question shows the results of a netstat command.
    Netstat displays protocol statistics and current TCP/IP connections.
    Example: This is what I have just taken from my own PC (which, by the way, is not infected with anything at all):
    C:\windows\system32>netstat -a -n

    Active Connections
    Proto Local Address Foreign Address State
    TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING

    The thing with the question is that the output is perfectly normal, so the report is not indicative of an infection after all.
    Having said that, by a simple process of elimination we can eliminate two:
    In addition to that, netstat can be used to identify MALWARE.
    Malware, or malicious software, is any program or file that is harmful to a computer user. Malware includes COMPUTER VIRUSES, WORMS, TROJAN HORSES AND SPYWARE. These malicious programs can perform a variety of functions, including stealing, encrypting or deleting sensitive data, altering or hijacking core computing functions and monitoring users’ computer activity without their permission.

    Yet, we are to choose ONE ANSWER, and the BEST one, which is A. Trojan.
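
Both comments above read a netstat listing for listening ports that should not be there. The following is an added example, not part of the original comments: it parses `netstat -a -n` style output and reports TCP listeners outside an expected baseline. The baseline set, the function names and the sample listing are constructed assumptions.

```python
import re

# Assumed baseline for this example: SMB (445) and RDP (3389), the two
# listeners that appear in the netstat output quoted in the comment.
EXPECTED_LISTENERS = {445, 3389}

# Constructed sample in the layout of `netstat -a -n` on Windows.
SAMPLE_OUTPUT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3390           0.0.0.0:0              LISTENING
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    192.168.1.10:49752     203.0.113.7:443        ESTABLISHED
  UDP    0.0.0.0:5353           *:*
"""

# TCP rows only: local address, local port, foreign endpoint, state.
# The greedy address group backtracks to the last ':' so "[::]:445" parses.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+(\S+)\s*$")


def listening_ports(netstat_text):
    """Return {port: sorted local addresses} for TCP rows in LISTENING state."""
    ports = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m or m.group(3) != "LISTENING":
            continue  # headers, UDP rows, established connections
        ports.setdefault(int(m.group(2)), set()).add(m.group(1))
    return {port: sorted(addrs) for port, addrs in ports.items()}


def unexpected_listeners(netstat_text, expected=EXPECTED_LISTENERS):
    """Listeners not in the baseline: leads to investigate, not proof of malware."""
    found = listening_ports(netstat_text)
    return {port: addrs for port, addrs in found.items() if port not in expected}


if __name__ == "__main__":
    for port, addrs in sorted(unexpected_listeners(SAMPLE_OUTPUT).items()):
        print(f"review: TCP {port} listening on {', '.join(addrs)}")
```

A port reported here still has to be tied to its owning process (for example with `netstat -a -n -o` and the PID) before drawing any conclusion about what is listening.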




