Stealth viruses are a type of computer virus that actively attempts to hide its presence and activities on an infected system. Unlike other viruses that may display visible symptoms or trigger noticeable effects, stealth viruses employ various techniques to avoid detection by antivirus software and other security measures.
These techniques include modifying their own code or the code of infected files to evade detection, intercepting and altering system calls to conceal their actions, and manipulating file timestamps to avoid suspicion.
Stealth viruses often reside in the computer’s memory, making them difficult to detect and remove. Their primary goal is to remain undetected while continuing to infect and compromise the system.
Stealth viruses additional characteristics:
-
Polymorphic Nature: Stealth viruses often possess polymorphic capabilities, meaning they can change their code structure or appearance each time they infect a new file or system. This makes it challenging for traditional signature-based antivirus software to identify and block them.
-
Rootkit Functionality: Some stealth viruses incorporate rootkit techniques to gain deep-level access and control over the infected system. By exploiting vulnerabilities in the operating system, they can manipulate system functions, hide their presence from detection tools, and maintain persistence even after system reboots.
-
Anti-Antivirus Measures: Stealth viruses employ anti-antivirus techniques to hinder detection by security software. These measures may involve disabling or evading real-time scanning, terminating or corrupting antivirus processes, or modifying the antivirus program’s files or registry entries to render it ineffective.
-
File and Boot Sector Infection: Stealth viruses commonly infect executable files and the boot sector of storage devices. By infecting the boot sector, they ensure their activation during the system startup process, enabling them to load before the operating system and antivirus software.
-
Stealthy Payload Execution: Stealth viruses often execute their malicious payload discreetly, taking precautions to avoid raising suspicion or triggering alarms. They may employ techniques such as code obfuscation, encryption, or executing malicious code in small, dispersed fragments to evade detection.
-
Data Corruption: Some stealth viruses intentionally corrupt data on infected systems, causing errors or rendering files unusable. This tactic serves to distract users and administrators from suspecting the presence of a virus and to create a sense of urgency in resolving the apparent issues.
-
Network Propagation: Stealth viruses can exploit network vulnerabilities and spread to other connected systems, making them capable of infecting multiple machines within a network environment. They may use various propagation methods, such as exploiting unpatched software, leveraging shared drives or resources, or using social engineering techniques to trick users into executing infected files.
