Question

A technician is evaluating malware that was found on the enterprise network. After reviewing samples of the malware binaries, the technician finds each has a different hash associated with it. Which of the following types of malware is MOST likely present in the environment?

a. Trojan
b. Polymorphic worm
c. Rootkit
d. Logic bomb
e. Armored virus

Answer 1

(b) polymorphic worm

Step-by-step explanation:

A polymorphic worm can be compared with a chameleon. It changes its color so as to blend with the background of the surrounding to avoid being seen or caught. A polymorphic worm is a special type of worm that keeps changing its constituent features in order to avoid being detected. The most common way in which polymorphic worms hide their codes is by using encryption.

Polymorphic worms have two parts: the part that changes and the one that does not change. The part that changes include the characteristics of the worm such as encryption key, associated hash value e.t.c. The part that does not change is basically its functionality. Therefore, although the characteristics of the worm keep changing, its overall function remains the same.