Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


What technique involves injecting malware into seemingly legitimate websites to trick users?

  1. Phishing

  2. Socially Engineered Click-Jacking

  3. Drive-by Downloads

  4. Cross-site Scripting

The correct answer is: Socially Engineered Click-Jacking

The technique that involves injecting malware into seemingly legitimate websites to trick users is known as socially engineered click-jacking. This method manipulates a user into clicking on something different from what the user perceives, which can result in the unintentional activation of malicious scripts or actions. By crafting a deceptive interface or overlay that disguises the true nature of the action (such as clicking a button that appears safe), attackers can exploit user trust and the regular human behavior of clicking on familiar content.

This is a sophisticated form of web-based attack because it relies not only on technical vulnerabilities but also leverages psychological manipulation to deceive users. The attacker may mask the actual link or action, making it appear benign, while the click ultimately leads to harmful consequences, like unwittingly installing malware or providing sensitive information.

In contrast, the other options involve different mechanisms of deception or exploitation, such as phishing directed at users through emails, drive-by downloads where malicious code is downloaded automatically without user interaction, and cross-site scripting which aims to execute malicious scripts in a user's browser. These techniques do not specifically focus on the combination of user interface manipulation and social engineering to trick users into executing harmful actions on legitimate sites, which is the hallmark of socially engineered click-jacking.