Final answer:
The correct answer is option A, which is a stored injection attack. The student's description of malware being injected on a server and subsequently infecting devices visiting that site is an example of a stored injection attack.
Step-by-step explanation:
The stored attack is when the malware resides persistently on the server, affecting users over time.
This type of attack occurs when malware is planted in a server, and this malware is subsequently delivered to users who access content from that server. Unlike reflected or DOM-based attacks which are typically active only during a session and in response to a user's actions, a stored attack embeds malicious content on the server beforehand, which affects all users accessing the website without the need for a specific user interaction.
It's called a stored attack because the malware resides on the server persistently, thus infecting devices over a prolonged period. Such an attack usually targets the vulnerable storage of a web application (like a database or file system) where the data is retrieved and displayed to users. This contrasts with brute force attacks, which are attempts to crack passwords through systematic trial and error, rather than injecting malicious code.