Spotting the Stealth Virus

By nature, a computer virus must modify something in the host system in order to become active. This may be a specific file, a boot sector, or a partition sector, more commonly known as an MBR (Master Boot Record). Whatever the target, it must be modified in some way. Unless the infection takes control of the parts of the system that handle access to what it has modified, the changes will typically be visible, leaving the virus exposed. This limitation has led virus writers to design malicious code that is far more elusive.

Understand the Stealth Virus

A stealth virus is one that conceals the changes it makes. It does this by taking control of the system functions that read files or system sectors. When other applications request data from portions of the system modified by the virus, the virus reports back the accurate, unchanged data instead of the malicious code. For this to work, the virus must be actively present in memory.

An example of a stealth infection is Brain, the very first DOS virus. Brain is a system infector that begins by monitoring physical disks. It then redirects all attempts to read an infected sector to the section of the disk where the original, uninfected boot sector is stored. Other viruses to follow this trend were Frodo and the Number of the Beast, two viruses classified as file infectors.

How the Stealth Virus Works

It is important to know that many viruses not only hide, but also encrypt the original data they have infected. Some victims may use traditional DOS commands such as FDISK /MBR or SYS to fix the problem, which can make things much worse. If the virus is overwritten with FDISK /MBR, the system will have no way to recognize what's in the partition table and cannot access the encrypted data without the aid of the virus. For this reason, anti-virus software is recommended for eradicating a stealth virus rather than manual repair.

Virus coders mainly use the stealth approach to elude virus scanners. Viruses that have not been designed to hide but still escape detection, because the malicious code is fairly new or the user's anti-virus software isn't up to date, are often described as stealth viruses as well. The stealth technique is a contributing factor to why most anti-virus programs function best when the system is booted from a clean CD or floppy disk. Booted this way, the infection is not able to seize control of the system, and the changes it has made can be exposed and immediately dealt with.

In general, a stealth virus will hide itself in system memory every time a scanner is run. It employs various techniques to hide any changes, so that when the scanner looks for altered sections, the virus redirects it to an area that contains the clean, uninfected data. A more advanced anti-virus program can detect a stealth virus by searching for evidence of changes within system sectors, along with areas that are more susceptible to attack, regardless of how the system is booted.
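The clean-boot advice above amounts to a cross-view check: compare what the running system reports for a sector with what is actually on the disk. The following is an added illustration, not code from the original article; the Disk class, its redirect table, the sector contents and the baseline are all constructed for the example.

```python
import hashlib

SECTOR = 512

def make_sector(code: bytes) -> bytes:
    """Build a constructed 512-byte boot sector ending in the 0x55AA signature."""
    return code.ljust(SECTOR - 2, b"\x00") + b"\x55\xaa"

def digest(sector: bytes) -> str:
    return hashlib.sha256(sector).hexdigest()

class Disk:
    """Constructed disk model: sectors plus an optional read redirection table."""
    def __init__(self, sectors, redirect=None):
        self.sectors = list(sectors)
        self.redirect = dict(redirect or {})  # requested sector -> sector served

    def read_raw(self, n: int) -> bytes:
        # View from clean boot media: nothing resident, no redirection.
        return self.sectors[n]

    def read_live(self, n: int) -> bytes:
        # View from the running system: reads pass through the redirection.
        return self.sectors[self.redirect.get(n, n)]

def cross_view_check(disk: Disk, n: int, baseline: str) -> str:
    """Compare both views of sector n against a known-good baseline hash."""
    live_ok = digest(disk.read_live(n)) == baseline
    raw_ok = digest(disk.read_raw(n)) == baseline
    if live_ok and raw_ok:
        return "clean"
    if live_ok:
        # The running system reports the original, but the disk holds something else.
        return "hidden modification"
    # The live view itself no longer matches the baseline.
    return "visible modification"

# Constructed sample data (placeholders, not real boot code).
ORIGINAL = make_sector(b"CONSTRUCTED-ORIGINAL-BOOT-SECTOR")
MODIFIED = make_sector(b"CONSTRUCTED-MODIFIED-BOOT-SECTOR")
BLANK = bytes(SECTOR)
BASELINE = digest(ORIGINAL)  # recorded while the system was known to be clean

CLEAN_DISK = Disk([ORIGINAL] + [BLANK] * 7)
# Sector 0 replaced, original kept in sector 5, reads of 0 answered from 5.
STEALTH_DISK = Disk([MODIFIED] + [BLANK] * 4 + [ORIGINAL] + [BLANK] * 2, {0: 5})
PLAIN_DISK = Disk([MODIFIED] + [BLANK] * 7)  # modified, no redirection

if __name__ == "__main__":
    for name, d in (("clean", CLEAN_DISK), ("stealth", STEALTH_DISK), ("plain", PLAIN_DISK)):
        print(name, "->", cross_view_check(d, 0, BASELINE))
```

A scanner that only uses the live view sees a matching hash on the stealth disk; only the raw view, which corresponds to booting from clean media, shows the mismatch.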
