A systems administrator is troubleshooting a production server that is exhibiting unusually high network traffic and CPU utilization. However, when the administrator runs standard command-line tools like netstat and top, the reported processes and connections do not account for the resource usage. An anti-malware scan of the running operating system completes without detecting any threats. Which of the following types of malware is MOST likely causing these symptoms?
The correct answer is a rootkit. A rootkit is a type of malicious software designed to gain privileged access to a computer while actively hiding its presence. It often modifies core operating system components or the kernel to conceal its processes, files, and network activity from standard monitoring tools like netstat or Task Manager. Because an anti-malware scan run from within the running operating system relies on those same compromised components, it can complete without detecting anything. This matches the scenario, where resource utilization is high but the responsible processes are not visible to the administrator.
A polymorphic virus is incorrect because while it changes its code to evade signature-based antivirus detection, it does not inherently hide its active processes or network connections from OS-level monitoring tools.
Ransomware is incorrect because its primary goal is to encrypt files and demand a payment, a very overt and noticeable action, rather than to hide its own resource consumption.
Adware is incorrect because it is focused on displaying unwanted advertisements and is typically a nuisance on client machines, not a stealthy, resource-intensive threat on servers.