312-50V10 · Question #164
Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?
The correct answer is A. Stealth virus. A stealth virus evades antivirus detection by intercepting and manipulating OS interrupt service routines at runtime to conceal its presence and file modifications.
Question
Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?
Options
- AStealth virus
- BTunneling virus
- CCavity virus
- DPolymorphic virus
How the community answered
(37 responses)- A89% (33)
- C8% (3)
- D3% (1)
Why each option
A stealth virus evades antivirus detection by intercepting and manipulating OS interrupt service routines at runtime to conceal its presence and file modifications.
Stealth viruses hook into operating system interrupt service routines (such as INT 13h for disk I/O) and intercept calls at runtime, returning falsified data - for example reporting the original uninfected file size or unmodified content - so that antivirus scans observe a clean system. By actively corrupting these interrupt handler calls while they execute, the virus masks both its own existence and any changes it has made to system resources.
A tunneling virus bypasses security software by jumping beneath any hooks to call the original interrupt handlers directly, rather than altering the interrupt calls themselves - it avoids interception rather than corrupting it.
A cavity virus hides by overwriting unused space (padding) within host files so the file size does not change, not by manipulating interrupt service routines.
A polymorphic virus evades detection by mutating its own code or encryption key between infections to change its byte signature, not by intercepting OS calls.
Concept tested: Stealth virus interrupt handler interception and manipulation
Source: https://www.cisa.gov/sites/default/files/publications/Understanding-Denial-of-Service-Attacks_S508C.pdf
Topics
Community Discussion
No community discussion yet for this question.