312-50V9 · Question #114
Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?
The correct answer is D. Stealth virus. A stealth virus hides from antivirus software by intercepting and manipulating operating system service call interrupts to return falsified, clean-looking data when the AV attempts to inspect infected files or memory.
Question
Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?
Options
- ACavity virus
- BPolymorphic virus
- CTunneling virus
- DStealth virus
How the community answered
(37 responses)- A3% (1)
- B3% (1)
- C5% (2)
- D89% (33)
Why each option
A stealth virus hides from antivirus software by intercepting and manipulating operating system service call interrupts to return falsified, clean-looking data when the AV attempts to inspect infected files or memory.
A cavity virus hides by inserting its payload into empty or unused sections of an executable file without changing the file's overall size, but it does not manipulate interrupt calls or system service responses to actively deceive AV software.
A polymorphic virus evades detection by encrypting its body and mutating its decryption routine with each new infection to avoid matching known AV signatures, rather than intercepting OS interrupts to hide from scans at runtime.
A tunneling virus attempts to bypass antivirus hooks by communicating directly with lower-level interrupt handlers below the layer where AV software has inserted its intercepts, rather than altering the interrupt call responses themselves.
Stealth viruses hook directly into OS interrupt service routines - such as INT 13h (disk I/O) or INT 21h (file system calls) - and actively alter the responses fed back to the antivirus scanner. When the AV reads an infected file or memory region, the virus intercepts the call and returns the original, uninfected content, deceiving the scanner. This active interception and corruption of service call interrupts is the defining characteristic of stealth viruses.
Concept tested: Stealth virus interrupt manipulation to evade antivirus detection
Source: https://www.trendmicro.com/vinfo/us/security/definition/stealth-virus
Topics
Community Discussion
No community discussion yet for this question.