11-06-2002, 03:03 PM
bellgamin
Guest

Stealth Viruses

A few days ago I did a ScanDisk & was distressed to discover that my Hard Drive had developed several bad sectors.

Fortunately, my main Virus Scanner [the name of which I never post on-line] detected & reported the culprit. It was a so-called *stealth virus.*

Certain types of *stealth viruses* go after your system sectors & mark the spot where they hide their code as having bad sectors.

These types of bad guys usually go resident in memory on your PC, and infect any floppy disk which you access. Some of them will infect your diskette the instant you close the drive door.

Since they are active in memory, they will hide their presence. If you use a weaker Anti-Virus scanner to look at the boot sector of an infected diskette, the virus will intercept the attempt to read the infected sector and return instead a saved image of the original boot sector. Your AV will see the normal boot sector instead of the infected version.

Another type of *stealth virus* attacks program files rather than the system sector. The sneaky buggers modify a program file so that the original instructions are saved and executed after the virus finishes.

Just as boot sector viruses can use "stealth" techniques to hide their presence, file viruses can hide this way also.

If you do a directory listing, you will not see any increase in the length of the file. Moreover, if you attempt to read the file, the virus will intercept the request and return your original uninfected program to you. Most AV scanners will detect stealth viruses developed by script kiddies. BUT new & more sophisticated stealth viruses are showing up that can sometimes slip by an AV scan.

That is why more & more Sys Ad's & security-minded folks are turning to File Integrity Checkers [FIC]. An FIC makes an encrypted "hash" of each & every critical file on your computer. An FIC will detect ANY change to your files. Thus, an FIC can give *first warning* should your box ever be invaded by a trojan, worm, or virus that somehow slips past your AV scanner. Obviously this would include NEW bad guys for which your AV program does not as yet have signatures.

The excellent FIC I use is called ADinf. You can read about it at...

http://www.adinf.com/

shaloha.........bellgamin