Certified Ethical Hacker (CEH v11) — Question 79

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltrated by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs.
What type of malware did the attacker use to bypass the company's application whitelisting?

Answer options

• A. File-less malware
• B. Zero-day malware
• C. Phishing malware
• D. Logic bomb malware

Correct answer: A

Explanation

The correct answer is File-less malware because it operates in memory and does not rely on files, thus escaping detection by traditional security measures, including application whitelisting. Zero-day malware refers to previously unknown vulnerabilities, which was not the case here. Phishing malware typically involves social engineering to steal credentials rather than exfiltrating data directly. A logic bomb triggers under specific conditions but does not directly relate to the scenario of bypassing application whitelisting.