After a user reports slow computer performance, a system administrator detects a suspicious file, which was installed as part of a freeware software package. The systems administrator reviews the output below:
Based on the above information, which of the following types of malware was installed on the user’s computer?
A.
RAT
B.
Keylogger
C.
Spyware
D.
Worm
E.
Bot
C
“Winserver.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.”
source: http://www.softwaretipsandtricks.com/dangerous_files/1527-SysDirwinserverexe.html
0
12
Pilot- Worms do all of that too
0
6
The correct answer is Worm.
Wannacry uses SMB v1.0 and TCP port 445 to compromise Windows machine and load the malware; and also propagates into other machines.
0
3
No, the answer is RAT!
According to Darril Gibson ( He talks about it in his Security + SY0-501 Study Guide):
Answer is A. The winserver.exe file is a remote access Trojan (RAT). All of the other executable names displayed by netstat are valid.
The RAT acronym stands for Remote Administration Tool. A RAT is a software, popularly used to control other computers remotely.
To hack a computer remotely using a RAT, you have to create a server and then send this server to the victim whose computer you’re trying to hack. Generally, this server is binded to any file, like a picture or song, so that whenever the victim opens the file on his computer, our server is installed. This server opens a port on the victim’s computer, allowing you to remotely hack the device via the open port.
Some examples of RATs are:
Prorat
Turkojan
Yuri RAT and many other.
A worm is self-replicating malware that travels throughout a network without the assistance of a host application or user interaction.
A logic bomb is a string of code embedded into an application or script that will execute in response to an event.
Ransomware is a specific type of Trojan that typically encrypts the user’s data until the user pays a ransom.
Ransomware that encrypts data is often called crypto-malware.
Because winserver.exe is known malware, the netstat output does indicate malware is running.
I hope that helps
18
0
Remote access trojan? Would jive with the free software package.
0
0