312-50V10 · Question #801
Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?
The correct answer is A. Stealth/ Tunneling virus. A stealth/tunneling virus evades anti-virus detection by intercepting and corrupting OS interrupt service calls so that scanning tools receive falsified information about the system.
Question
Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?
Options
- AStealth/ Tunneling virus
- BMacro virus
- CCavity virus
- DPolymorphic virus
How the community answered
(33 responses)- A91% (30)
- C6% (2)
- D3% (1)
Why each option
A stealth/tunneling virus evades anti-virus detection by intercepting and corrupting OS interrupt service calls so that scanning tools receive falsified information about the system.
Stealth and tunneling viruses operate by hooking directly into interrupt service routines (ISRs) at the OS level, redirecting system calls so that anti-virus software receives falsified responses - such as the original clean file data or size - instead of the infected version. This active manipulation of interrupt vectors at runtime is the defining characteristic that allows the virus to remain hidden while executing.
Macro viruses embed malicious code inside document macros such as those in Word or Excel files and do not interact with OS interrupt service routines.
Cavity viruses conceal themselves by overwriting unused padding sections within executable files to avoid increasing file size, but they do not alter interrupt calls or service routines.
Polymorphic viruses mutate their own encryption and code structure to change their detectable signature with each infection cycle, but they do not specifically target or corrupt OS interrupt service calls.
Concept tested: Stealth virus interrupt-level evasion technique
Topics
Community Discussion
No community discussion yet for this question.