Certified Ethical Hacker (CEH v12) — Question 70
Jack, a disgruntled ex-employee of Incalsol Ltd., decided to inject fileless malware into Incalsol's systems. To deliver the malware, he used the current employees' email IDs to send fraudulent emails embedded with malicious links that seem to be legitimate. When a victim employee clicks on the link, they are directed to a fraudulent website that automatically loads Flash and triggers the exploit.
What is the technique used by Jack to launch the fileless malware on the target systems?
Answer options
- A. In-memory exploits
- B. Legitimate applications
- C. Script-based injection
- D. Phishing
Correct answer: D
Explanation
The correct answer is D, Phishing, because Jack used deceptive emails to trick employees into clicking malicious links. The other options describe different methods of attack; in-memory exploits focus on exploiting vulnerabilities in running processes, legitimate applications refer to using trusted software to gain access, and script-based injection involves injecting code into an application, none of which match the scenario presented.