Certified Ethical Hacker (CEH v11) — Question 379
Jack, a disgruntled ex-employee of Incalsol Ltd., decided to inject fileless malware into Incalsol's systems. To deliver the malware, he used the current employees' email IDs to send fraudulent emails embedded with malicious links that seem to be legitimate. When a victim employee clicks on the link, they are directed to a fraudulent website that automatically loads Flash and triggers the exploit.
What is the technique used by Jack to launch the fileless malware on the target systems?
Answer options
- A. In-memory exploits
- B. Legitimate applications
- C. Script-based injection
- D. Phishing
Correct answer: D
Explanation
The correct answer is D, Phishing, because Jack used fraudulent emails to trick employees into clicking malicious links. While A (In-memory exploits) and C (Script-based injection) describe methods of malware execution, they don't specifically address the deceptive approach used to lure victims, and B (Legitimate applications) does not relate to the method of malware delivery employed in this scenario.