Exam 220-1002 topic 1 question 73 discussion

It's a Trojan, not a Rootkit. This question is also on Jason Dion's questions, here's the explanation he gives: OBJ-2.4: A trojan is a type of malware that looks legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general, inflict some other harmful action on your data or network. The most common form of a trojan is a Remote Access Trojan (RAT), which is used to allow an attacker to remotely control a workstation or steal information from it. To operate, a trojan will create numerous processes that run in the background of the system.

This is, LITERALLY, the definition of a Trojan. Now could a Trojan install a rootkit, sure, but there is nothing in the question that demonstrates root/admin type processes being run. It is clear there has been a Trojan, it is not possible to say what sort of payload it has (and that payload could be A, B, or D.)

Why so many comments when the answer is so obvious?

It is possible the malware got onto the computer via Trojan. However the question tells us that the malware is using up resources by running a lot of processes in the background which is what rootkits do as they might be trying to hide their presence. The trojan does not do that but is rather a tool used to get the rootkit on the users PC. The answer is rootkit. Not Randsomware or Keylogger.

theres a reason why its called a trojan for a reason, it hides as a nonchalant file with other tasks at hand, rootkits are barely noticable to begin with.

trojan

Seems trojan is the answer. Rootkit is a set of software the question asks the type of infection.

Ok, this is coming from someone that's been using Trojans since BackOrfice2k and SubSeven days(google those)lol Trojan/RAT A trojan is a client/server architecture software(its a 2 pieces of software). The victim/target is infected with the server which sits silently on the O/S, usually starts up as a service or an executable remains hidden and is lightweight. Server then opens a backdoor(a layer 4) TCP port on the victims machine. This server can be designed in way to brute force open a port on HIPS(host based firewalls etc)(windows firewall for example). Once the server opens this port on victims node, it listens to the socket(IP:port) on the local system(victim). The client side of the trojan controlled by the attacker, makes connection to the server. Once the connection is established the client proceeds with sending commands to server to perform action on the local infected machine. Creating Trojan was part of my dissertation back in 2007. In nutshell that is what a Trojan or RAT does!

Answer from Udemy for same type of question, Udemy answer was Trojan, and explanation for rootkit is not that easy to notice and view.

Rootkit is a term applied to a type of malware that is designed to infect a target PC and allow an attacker to install a set of tools that grant him persistent remote access to the computer. ... In recent years, a new class of mobile rootkits have emerged to attack smartphones, specifically Android devices.

A. Rootkit is correct. Question: "...notices a lot of unknown processes running in the background." Definition: Rootkits are software programs that have the ability to hide from OS, number of processes running on a system that don't show up in Task Manager.

I will go for Trojan.... For example, a rootkit can make processes that run but are hidden from Windows Task Manager, registry keys that can't be seen with Regedit, and network connections that are not viewable by Netstat

Rootkit is correct

1. Rootkit : Rootkit is a set of application, a type of malware that is designed to infect a target PC and allow an attacker to install a set of tools that grant him persistent remote access to the computer. The malware typically pretended itself as normal files that “hide in plain sight” so your antivirus software overlooks them. It enables administrator-level access to a computer or computer network. The motive is to steal the identity information from your computer, often to gain control of a system. It is difficult to detect and remove, requires the specialized tools to remove. 2. Trojan Horse : Trojan Horse is also a type of malware which uses false and fake name for mislead users from its true intent and executing them. Trojan Horses generally install on the system as legitimate and useful software that can give unauthorized access and control of the system to the hackers. Back orifice, Rootkit and Beast Trojan are some of the common Trojan horse which is more harmful.

I don’t know why the argument is undoubtedly that it is Trojan .. This was also one of the most important questions in my exam today

"Trojan" has to do with how the malware presents itself to the user. It embeds itself in a program that does something else. A binary that has been infected with a trojan works as intended but does the additional unwanted actions. "Virus.exe" that has been renamed to "calculator.exe" is not a trojan. A calculator program that works that has also been infected, is a trojan. You might never know that you have been infected because the program you ran works as intended. "Rootkit" has to do with where the malware resides on the system. Once the malware code has been run, it infects the most basic parts of the system so that it is always run, even if the system is rebooted or the running malware code is removed. A trojan might not be a rootkit, and a rootkit might not be a trojan. Some malware might be neither. https://security.stackexchange.com/questions/181221/what-exactly-is-the-meaning-of-trojan-and-rootkit

Answer is rootkit. Trojan gives access to someone but do run like root does. I have made Trojan myself and know what its capable of.