Certified Ethical Hacker (CEH v13) — Question 56

Jack, a disgruntled ex-employee of Incalsol Ltd., decided to inject fileless malware into Incalsol's systems. To deliver the malware, he used the current employees' email IDs to send fraudulent emails embedded with malicious links that seem to be legitimate. When a victim employee clicks on the link, they are directed to a fraudulent website that automatically loads Flash and triggers the exploit.
What is the technique used by Jack to launch the fileless malware on the target systems?

Answer options

• A. In-memory exploits
• B. Legitimate applications
• C. Script-based injection
• D. Phishing

Correct answer: D

Explanation

The correct answer is D, Phishing, as Jack's method involved sending fraudulent emails to trick employees into clicking on malicious links. The other options do not accurately describe the method used; in-memory exploits refer to techniques that manipulate running processes, legitimate applications are not used maliciously in this scenario, and script-based injection does not specifically relate to the email-based attack described.