EC-Council
312-50V9 Question #114: Real Exam Question with Answer & Explanation
The correct answer is D: Stealth virus. A stealth virus hides from antivirus software by intercepting and manipulating operating system service call interrupts to return falsified, clean-looking data when the AV attempts to inspect infected files or memory.
Question
Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?
Options
- A. Cavity virus
- B. Polymorphic virus
- C. Tunneling virus
- D. Stealth virus
Explanation
A stealth virus hides from antivirus software by intercepting and manipulating operating system service call interrupts to return falsified, clean-looking data when the AV attempts to inspect infected files or memory.
Common mistakes.
- A. A cavity virus hides by inserting its payload into empty or unused sections of an executable file without changing the file's overall size, but it does not manipulate interrupt calls or system service responses to actively deceive AV software.
- B. A polymorphic virus evades detection by encrypting its body and mutating its decryption routine with each new infection to avoid matching known AV signatures, rather than intercepting OS interrupts to hide from scans at runtime.
- C. A tunneling virus attempts to bypass antivirus hooks by communicating directly with lower-level interrupt handlers below the layer where AV software has inserted its intercepts, rather than altering the interrupt call responses themselves.
Concept tested. Stealth virus interrupt manipulation to evade antivirus detection
Reference. https://www.trendmicro.com/vinfo/us/security/definition/stealth-virus