Which of the following malware types is MOST likely to execute its payload after Jane, an employee, has
left the company?
A.
Rootkit
B.
Logic bomb
C.
Worm
D.
Botnet
Explanation:
This is an example of a logic bomb. The logic bomb is configured to ‘go off’ or when Jane has left the
company.
A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious
function when specified conditions are met. For example, a programmer may hide a piece of code that
starts deleting files should they ever be terminated from the company.
Software that is inherently malicious, such as viruses and worms, often contain logic bombs that execute
a certain payload at a pre-defined time or when some other condition is met. This technique can be used
by a virus or worm to gain momentum and spread before being noticed. Some viruses attack their host
systems on specific dates, such as Friday the 13th or April Fool’s Day. Trojans that activate on certain
dates are often called “time bombs”.To be considered a logic bomb, the payload should be unwanted and unknown to the user of the
software. As an example, trial programs with code that disables certain functionality after a set time are
not normally regarded as logic bombs.
Incorrect Answers:
A: A rootkit is a collection of tools (programs) that enable administrator-level access to a computer or
computer network. Typically, a cracker installs a rootkit on a computer after first obtaining user-level
access, either by exploiting a known vulnerability or cracking a password. Once the rootkit is installed, it
allows the attacker to mask intrusion and gain root or privileged access to the computer and, possibly,
other machines on the network.
A rootkit may consist of spyware and other programs that: monitor traffic and keystrokes; create a
“backdoor” into the system for the hacker’s use; alter log files; attack other machines on the network;
and alter existing system tools to escape detection. A rootkit is not what is described in this question.
C: A computer worm is a standalone malware computer program that replicates itself in order to spread
to other computers. Often, it uses a computer network to spread itself, relying on security failures on the
target computer to access it. Unlike a computer virus, it does not need to attach itself to an existing
program. Worms almost always cause at least some harm to the network, even if only by consuming
bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer. A worm is not
what is described in this question.
D: A botnet is a collection of Internet-connected programs communicating with other similar programs in
order to perform tasks. This can be as mundane as keeping control of an Internet Relay Chat (IRC)
channel, or it could be used to send spam email or participate in distributed denial-of-service attacks. The
word botnet is a combination of the words robot and network. The term is usually used with a negative or
malicious connotation.
Computers can be co-opted into a botnet when they execute malicious software. This can be
accomplished by luring users into making a drive-by download, exploiting web browser vulnerabilities, or
by tricking the user into running a Trojan horse program, which may come from an email attachment.
This malware will typically install modules that allow the computer to be commanded and controlled by
the botnet’s operator. Many computer users are unaware that their computer is infected with bots.
Depending on how it is written, a Trojan may then delete itself, or may remain present to update and
maintain the modules. A botnet is not what is described in the question.
http://en.wikipedia.org/wiki/Logic_bomb
http://searchmidmarketsecurity.techtarget.com/definition/rootkit
http://en.wikipedia.org/wiki/Computer_worm
http://en.wikipedia.org/wiki/Botnet