nerdexam
EC-Council

312-50V9 · Question #114

Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?

The correct answer is D. Stealth virus. A stealth virus hides from antivirus software by intercepting and manipulating operating system service call interrupts to return falsified, clean-looking data when the AV attempts to inspect infected files or memory.

Malware Threats

Question

Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?

Options

  • ACavity virus
  • BPolymorphic virus
  • CTunneling virus
  • DStealth virus

How the community answered

(37 responses)
  • A
    3% (1)
  • B
    3% (1)
  • C
    5% (2)
  • D
    89% (33)

Why each option

A stealth virus hides from antivirus software by intercepting and manipulating operating system service call interrupts to return falsified, clean-looking data when the AV attempts to inspect infected files or memory.

ACavity virus

A cavity virus hides by inserting its payload into empty or unused sections of an executable file without changing the file's overall size, but it does not manipulate interrupt calls or system service responses to actively deceive AV software.

BPolymorphic virus

A polymorphic virus evades detection by encrypting its body and mutating its decryption routine with each new infection to avoid matching known AV signatures, rather than intercepting OS interrupts to hide from scans at runtime.

CTunneling virus

A tunneling virus attempts to bypass antivirus hooks by communicating directly with lower-level interrupt handlers below the layer where AV software has inserted its intercepts, rather than altering the interrupt call responses themselves.

DStealth virusCorrect

Stealth viruses hook directly into OS interrupt service routines - such as INT 13h (disk I/O) or INT 21h (file system calls) - and actively alter the responses fed back to the antivirus scanner. When the AV reads an infected file or memory region, the virus intercepts the call and returns the original, uninfected content, deceiving the scanner. This active interception and corruption of service call interrupts is the defining characteristic of stealth viruses.

Concept tested: Stealth virus interrupt manipulation to evade antivirus detection

Source: https://www.trendmicro.com/vinfo/us/security/definition/stealth-virus

Topics

#stealth virus#antivirus evasion#interrupt hooking#malware types

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice