A senior incident response manager receives a call about some external IPs communicating with internal computers during off hours.
Which of the following types of malware is MOST likely causing this issue?
A.
Botnet
B.
Ransomware
C.
Polymorphic malware
D.
Armored virus
The key in here is that the attack is time specific.
“B.Ransomware”, “C.Polymorphic malware” and “D.Armored virus” once unleashed, will attack/spread without any consideration at what time of the day it is.
The only one that is time specific in here is “A- Botnet”, as the zombies are clearly responding to the manual commands of the master which are being done during off peak hours, probably in an attempt to avoid detection
A botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform distributed denial-of-service attack (DDoS attack), steal data, send spam, and allows the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software.
The word “botnet” is a combination of the words “robot” and “network”. The term is usually used with a negative or malicious connotation.
7
0