bellgamin
11-06-2002, 03:03 PM
A few days ago I did a ScanDisk & was distressed to discover that my Hard Drive had developed several bad sectors.
Fortunately, my main Virus Scanner [the name of which I never post on-line] detected & reported the culprit. It was a so-called *stealth virus.*
Certain types of *stealth viruses* go after your system sectors & mark the spot where they hide their code as having bad sectors.
These types of bad guys usually go resident in memory on your PC, and infect any floppy disk which you access. Some of them will infect your diskette the instant you close the drive door.
Since they are active in memory, they will hide their presence. If you use a weaker Anti-Virus scanner to look at the boot sector of an infected diskette, the virus will intercept the attempt to read the infected sector and return instead a saved image of the original boot sector. Your AV will see the normal boot sector instead of the infected version.
Another type of *stealth virus* attacks program files rather than the system sector. The sneaky buggers modify a program file so that the original instructions are saved and executed after the virus finishes.
Just as boot sector viruses can use "stealth" techniques to hide their presence, file viruses can hide this way also.
If you do a directory listing, you will not see any increase in the length of the file. Moreover, if you attempt to read the file, the virus will intercept the request and return your original uninfected program to you. Most AV scanners will detect stealth viruses developed by script kiddies. BUT new & more sophisticated stealth viruses are showing up that can sometimes slip by an AV scan.
That is why more & more Sys Ad's & security-minded folks are turning to File Integrity Checkers [FIC]. An FIC makes an encrypted "hash" of each & every critical file on your computer. An FIC will detect ANY change to your files. Thus, an FIC can give *first warning* should your box ever be invaded by a trojan, worm, or virus that somehow slips past your AV scanner. Obviously this would include NEW bad guys for which your AV program does not as yet have signatures.
The excellent FIC I use is called ADinf. You can read about it at...
http://www.adinf.com/
shaloha.........bellgamin