During a server audit, a security administrator does not notice abnormal activity. However, a
network security analyst notices connections to unauthorized ports from outside the corporate
network. Using specialized tools, the network security analyst also notices hidden processes
running. Which of the following has MOST likely been installed on the server?

A.
SPIM

B.
Backdoor

C.
Logic bomb

D.
Rootkit