CompTIA Security+ (SY0-501) — Question 672

A company notices that at 10 a.m. every Thursday, three users' computers become inoperable. The security analyst team discovers a file called where.pdf.exe that runs on system startup. The contents of where.pdf.exe are shown below:
@echo off
if [c:\file.txt] deltree C:\
Based on the above information, which of the following types of malware was discovered?

Answer options

• A. Rootkit
• B. Backdoor
• C. Logic bomb
• D. RAT

Correct answer: C

Explanation

The correct answer is C, Logic bomb, because the malware is designed to execute at a specific time, which is characteristic of a logic bomb. Options A (Rootkit) and B (Backdoor) do not fit as they do not operate based on a scheduled time, and D (RAT) refers to remote access tools, which are not related to the timing behavior described.