CompTIA Security+ (SY0-501) — Question 682
A company has just experienced a malware attack affecting a large number of desktop users. The antivirus solution was not able to block the malware, but the
HIDS alerted to C2 calls as 'Troj.Generic'. Once the security team found a solution to remove the malware, they were able to remove the malware files successfully, and the HIDS stopped alerting. The next morning, however, the HIDS once again started alerting on the same desktops, and the security team discovered the files were back. Which of the following BEST describes the type of malware infecting this company's network?
Answer options
- A. Trojan
- B. Spyware
- C. Rootkit
- D. Botnet
Correct answer: C
Explanation
The correct answer is C, Rootkit. A rootkit is designed to keep privileged access to a system while hiding its own presence from the operating system and the security tools running on it. That fits every detail in the scenario: the antivirus never saw the malware on disk, only the network-side C2 activity was caught by the HIDS, and the files that were deleted came back overnight, which means a hidden component the cleanup did not reach is still present and reinstalling them. The other options do not explain that behaviour on their own: a Trojan is a delivery mechanism that poses as legitimate software, spyware collects data, and a botnet describes the C2-controlled network the infected desktops may belong to, but none of these inherently conceals itself and restores deleted files after removal. In practice, when files return after a removal that appeared to succeed, the host's own tools can no longer be trusted; confirm the infection from outside the running system (an offline scan or a comparison against a known-good image) and rebuild the affected desktops rather than deleting the files again.
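The pattern in the question, an alert that returns on the same host after a recorded remediation, is easy to detect automatically and is a good trigger for escalating from "remove files" to "rebuild the host". The script below is an added example, not part of the original question or any vendor product. It assumes a simple HIDS event format of the form `<ISO-8601 timestamp> <host> <ALERT|REMEDIATED> <signature> [key=value ...]`, and the sample log lines are constructed for illustration.

```python
"""Flag hosts whose HIDS alerts come back after a recorded remediation.

Added example (not from the original question). The event format below is
an assumption: ISO-8601 timestamp, host, event kind, signature, key=value extras.
"""
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample HIDS events: two desktops alert, are cleaned, then
# re-alert the next morning; a third desktop alerts for the first time.
SAMPLE_EVENTS = """\
2024-05-01T09:12:03Z ws-114 ALERT Troj.Generic c2=203.0.113.7:443
2024-05-01T09:13:40Z ws-207 ALERT Troj.Generic c2=203.0.113.7:443
2024-05-01T14:02:10Z ws-114 REMEDIATED Troj.Generic files_removed=3
2024-05-01T14:05:55Z ws-207 REMEDIATED Troj.Generic files_removed=3
2024-05-02T08:01:12Z ws-114 ALERT Troj.Generic c2=203.0.113.7:443
2024-05-02T08:01:20Z ws-207 ALERT Troj.Generic c2=203.0.113.7:443
2024-05-02T08:03:44Z ws-331 ALERT Troj.Generic c2=203.0.113.7:443
"""


def parse_events(text):
    """Parse the assumed line format into dicts, sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, host, kind, sig, *rest = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        extra = dict(kv.split("=", 1) for kv in rest)
        events.append({"when": when, "host": host, "kind": kind, "sig": sig, **extra})
    return sorted(events, key=lambda e: e["when"])


def find_reinfections(events):
    """Return {host: [(remediated_at, realerted_at, hours_between), ...]}.

    A host is counted as reinfected when the same signature alerts again
    after a REMEDIATED event for that host/signature pair.
    """
    last_clean = {}               # (host, sig) -> time of last remediation
    reinfected = defaultdict(list)
    for e in events:
        key = (e["host"], e["sig"])
        if e["kind"] == "REMEDIATED":
            last_clean[key] = e["when"]
        elif e["kind"] == "ALERT" and key in last_clean:
            gap_hours = (e["when"] - last_clean[key]).total_seconds() / 3600
            reinfected[e["host"]].append((last_clean[key], e["when"], round(gap_hours, 2)))
            del last_clean[key]   # one reinfection record per remediation cycle
    return dict(reinfected)


def triage(events):
    """Map every host seen in the log to a recommended next action."""
    hosts = {e["host"] for e in events}
    came_back = find_reinfections(events)
    actions = {}
    for host in sorted(hosts):
        if host in came_back:
            # Files returned after removal: a hidden persistence component
            # (rootkit behaviour) survived, so the host's own tools are not
            # trustworthy and the machine should be rebuilt, not re-cleaned.
            actions[host] = "isolate and rebuild from trusted media (re-alert after remediation)"
        else:
            actions[host] = "standard removal, then watch for re-alert"
    return actions


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for host, hits in find_reinfections(evs).items():
        for cleaned, back, hours in hits:
            print(f"{host}: cleaned {cleaned:%Y-%m-%d %H:%M}, re-alerted {back:%Y-%m-%d %H:%M} ({hours} h later)")
    for host, action in triage(evs).items():
        print(f"{host}: {action}")
```

Run against the constructed log, ws-114 and ws-207 are reported as re-alerting roughly eighteen hours after cleanup and are routed to rebuild, while ws-331, which has only a first alert, stays on the normal removal path. The matching is per host and signature, so an unrelated alert on a cleaned host does not count as reinfection.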