Ambiguity between spyware & botnets

juvenileslilbrotha Member Posts: 17
This is a sample question I stumbled across:

While browsing the Internet, an administrator notices their browser behaves erratically, appears to download something, and then crashes. Upon restarting the PC, the administrator notices performance is extremely slow and there are hundreds of outbound connections to various websites. Which of the following BEST describes what has occurred?
A. The PC has become part of a botnet.
B. The PC has become infected with spyware.
C. The PC has become a spam host.
D. The PC has become infected with adware.

I am using the CompTIA Sec+ study guide by Glen Clarke. The definitions for botnets and spyware are too identical. Spyware and botnets both slow the system down, they both are hidden, they both do browser redirection. I cannot find anything singularly identifiable to tell spyware from a botnet for test purposes. Depending on literally one or two word changes made to the question above it can be either or.

What strategy are you guys using to get around this ambiguity?

Comments

  • ptilsen Member Posts: 2,835
    I really don't remember questions quite like this on the Security+ exam. I seem to recall being required to know the difference between various types of malware, but not to this level. This question is also phrased very poorly IMO, and would have multiple correct answers.

    I can't comment as to the quality of Glen Clarke's book, but I have to wonder if there isn't a better practice exam source available to you. Even CompTIA's questions don't leave quite this much room for interpretation.

    As far as the actual definition, spyware and botnets are pretty different. Spyware records something on your PC - browsing habits, passwords, etc., while botnets are collections of computers that a nefarious third party has gained control of. Botnets are usually used for an attack or distribution of some other kind of malware, though in one notable case a botnet simply had scareware/ransomware distributed to it.

    For this question, it is too vague in my opinion. "Hundreds of outbound connections to various web sites" does not identify the types of connections. Although they are identified as "web sites", I would want to see something more along the lines of "the web browser began opening hundreds of web sites" or "the administrator noticed in the Netstat utility that there were hundreds of open connections on port x to various URLs". Lacking that sort of clarification, I could justify answering the question with any of the available answers.
  • the_hutch Banned Posts: 827
    Unfortunately, these vague questions that don't have a clear answer will plague you throughout your IT career. I wish I could tell you this is just a problem with CompTIA...but you are likely to find yourself wanting to punch the monitor with almost any IT test, because the question doesn't give you enough information to answer it. Fortunately, it is usually only a small percentage of the questions. Before going in for a test, you should know the content well enough that you don't have to worry about the very likely possibility that there will be questions like this on the exam.
  • Darril Member Posts: 1,588
    I echo ptilsen's answer that spyware and botnets are very different. More, I'd say that it's important to understand the differences.

    Perhaps your book explains the differences somewhere else a little better but spyware will typically only have one connection to upload your private data. A zombie that's part of a botnet can be controlled and directed to connect to hundreds of other computers as part of an attack. Some botnets include millions of zombies but spyware controls a single computer. Here are some articles you may like.

    What is a botnet?

    Botnet Protection | Avoid Malware | Protect your PC

    What Is Spyware | What Does Spyware Do | How To Prevent Spyware
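
Added example, not part of any post in this thread: a rough triage of the signal the replies point to (one upload connection versus hundreds of outbound connections seen in Netstat), run over constructed `netstat -ano`-style lines. The sample data, the function names and the threshold of 3 are assumptions; high fan-out only tells you which process to look at first, not which kind of malware it is.

```python
from collections import defaultdict

# Constructed sample in the layout of Windows `netstat -ano` (not a real capture).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1044
  TCP    192.168.1.20:3389      192.168.1.50:50522     ESTABLISHED     1044
  TCP    192.168.1.20:49710     203.0.113.10:443       ESTABLISHED     4120
  TCP    192.168.1.20:49711     203.0.113.10:443       ESTABLISHED     4120
  TCP    192.168.1.20:49800     198.51.100.7:80        ESTABLISHED     6604
  TCP    192.168.1.20:49801     198.51.100.8:80        SYN_SENT        6604
  TCP    192.168.1.20:49802     198.51.100.9:80        ESTABLISHED     6604
  TCP    192.168.1.20:49803     198.51.100.10:80       ESTABLISHED     6604
  TCP    127.0.0.1:5354         127.0.0.1:49690        ESTABLISHED     2301
  TCP    [::1]:49700            [::1]:8080             TIME_WAIT       0
"""

OUTBOUND_STATES = {"ESTABLISHED", "SYN_SENT"}
LOCAL_ONLY = {"127.0.0.1", "::1", "0.0.0.0", "::"}

def split_endpoint(endpoint):
    """Split 'host:port' (IPv6 hosts are bracketed) into (host, port)."""
    host, port = endpoint.rsplit(":", 1)
    return host.strip("[]"), port

def tcp_rows(netstat_text):
    """Yield (local, foreign, state, pid) for well-formed TCP rows only."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP":
            yield fields[1], fields[2], fields[3], fields[4]

def fan_out_by_pid(netstat_text):
    """Count distinct remote hosts each PID has connected out to."""
    rows = list(tcp_rows(netstat_text))
    # A connection whose local port is a listening port was accepted, not initiated.
    listening = {split_endpoint(l)[1] for l, _, s, _ in rows if s == "LISTENING"}
    hosts = defaultdict(set)
    for local, foreign, state, pid in rows:
        remote = split_endpoint(foreign)[0]
        if state not in OUTBOUND_STATES or remote in LOCAL_ONLY:
            continue
        if split_endpoint(local)[1] in listening:
            continue
        hosts[pid].add(remote)
    return {pid: len(h) for pid, h in hosts.items()}

def flag_high_fan_out(netstat_text, threshold=3):
    """Return PIDs talking to at least `threshold` distinct remote hosts."""
    return sorted(p for p, n in fan_out_by_pid(netstat_text).items() if n >= threshold)
```

On a real host the threshold has to sit well above what the browser and update services normally produce, so baseline a known-clean machine first.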