Divya's Blog

Posts Tagged ‘STEALTH’


STEALTH

  • A STEALTH virus is one that, while “active”, hides the modifications it has made to files or boot records.
  • This is usually achieved by monitoring the system functions used to read files or sectors from storage media and forging the results of calls to such functions.
  • This means programs that try to read infected files or sectors see the original, uninfected form instead of the actual, infected form.
  • Thus the virus’s modifications may go undetected by antivirus programs. However, in order to do this, the virus must be resident in memory when the antivirus program is executed and *this* may be detected by an antivirus program.

COMPANION

  • A COMPANION virus is one that, instead of modifying an existing file, creates a new program which (unknown to the user) is executed instead of the intended program.
  • On exit, the new program executes the original program so that things appear normal.
  • On PCs this has usually been accomplished by creating an infected .COM file with the same name as an existing .EXE file.
  • Integrity-checking antivirus software that only looks for modifications in existing files will fail to detect such viruses.
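
The gap described above can be closed by having the integrity checker compare the set of files as well as their contents. The sketch below is an added example, not code from this blog or from any antivirus product: it takes a baseline of executables, then reports both modified files and newly created files that share a base name with an existing program but have an extension DOS tries first (.COM before .EXE before .BAT). The function names and the sample directory contents are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# DOS tries extensions in this order when a command is typed without one.
PRECEDENCE = [".com", ".exe", ".bat"]

def snapshot(root):
    """Map lower-cased relative path -> SHA-256 for every executable under root."""
    snap = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() in PRECEDENCE:
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                snap[os.path.relpath(path, root).lower()] = digest
    return snap

def compare(baseline, current):
    """Return (modified, shadowing) findings between two snapshots."""
    # Classic integrity check: same path, different contents.
    modified = sorted(p for p in baseline
                      if p in current and baseline[p] != current[p])
    shadowing = []
    for path in sorted(set(current) - set(baseline)):
        stem, ext = os.path.splitext(path)
        # A new file is a companion candidate when a baseline program in the
        # same directory has the same base name and a later-tried extension.
        for later in PRECEDENCE[PRECEDENCE.index(ext) + 1:]:
            if stem + later in baseline:
                shadowing.append((path, stem + later))
    return modified, shadowing

def demo():
    """Constructed sample: EDIT.EXE is baselined, then an EDIT.COM appears."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "EDIT.EXE"), "wb") as fh:
            fh.write(b"constructed original program")
        baseline = snapshot(root)
        with open(os.path.join(root, "EDIT.COM"), "wb") as fh:
            fh.write(b"constructed placeholder with the same base name")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

A checker that only computed `modified` would report nothing for this sample, because EDIT.EXE itself is untouched; the `shadowing` list is what surfaces the new file.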

ARMORED 

  • An ARMORED virus is one that uses special tricks to make tracing, disassembling and understanding of its code more difficult.
  • Example: Whale virus.

CAVITY

  • A CAVITY VIRUS is one which overwrites a part of the host file that is filled with a constant (usually nulls), without increasing the length of the file, but preserving its functionality.
  • Example: Lehigh virus

TUNNELLING

  • A TUNNELLING VIRUS is one that finds the original interrupt handlers in DOS and the BIOS and calls them directly, thus bypassing any activity monitoring program (see D1) which may be loaded and have intercepted the respective interrupt vectors in its attempt to detect viral activity.
  • Some antivirus software also uses tunnelling techniques in an attempt to bypass any unknown or undetected virus that may be active when it runs.