Q: 15
[Handling and Responding to Malware Incidents]
An attacker traced out and found the kind of websites a target company/individual is
frequently surfing and tested those particular websites to identify any possible
vulnerabilities. When the attacker detected vulnerabilities in the website, the attacker
started injecting malicious script/code into the web application that can redirect the
webpage and download the malware onto the victim’s machine. After infecting the
vulnerable web application, the attacker waited for the victim to access the infected web
application.
Identify the type of attack performed by the attacker.
Options
Discussion
My pick: D here. Cookie/session poisoning is when you tamper with session data to hijack someone’s session, and if the attacker infects a web app, they might be going after cookies. The redirection and malware part threw me off though. Watering hole is close but I think cookie/session poisoning could fit if the goal was stealing sessions. Not 100% on this, could be a trap. Correct me if I'm off!
A
Be respectful. No spam.
