Attackers create fraudulent websites that appear legitimate; when visited, they scan the victim's plugins for vulnerabilities to exploit in the browser memory. This technique is called what?

• A. Memory code injection
• B. Fileless malware
• C. Legitimate applications
• D. Malicious websites

Answer: (D)

The main idea is delivering malware through a web page that looks legitimate. Attackers set up fraudulent websites that victims visit, and these sites probe the browser’s plugins for known vulnerabilities to execute code in memory and install malware. This delivery method—using a compromised or deceptive website to trigger an exploit—is captured by labeling the approach as malicious websites. The other options describe how the malware behaves once active (memory code injection, fileless malware) or what it is (legitimate applications), but they don’t describe the attack vector itself. In real-world terms, this is a drive-by-style infection via a malicious website, hence the best fit among the choices.