Security.com

stealth virus

By Rahul Awati

What is a stealth virus?

A stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software. It takes its name from the term stealth, which describes an approach to doing something while avoiding notice.

Typically, a stealth virus can hide in the legitimate files, partitions or boot sectors of a computing device without alerting the antivirus software or notifying the user of its presence. Once injected into a computer, the virus enables the attackers to operate and gain control over parts of the system or the entire system.

Stealth virus explained

A stealth virus could be any virus that tries to avoid detection by antivirus software. However, viruses that escape notice even if they're not specifically designed to do so are also described as stealth viruses. This sometimes occurs because the virus is new or because users haven't updated their antivirus software to be able to detect the infection.

Stealth viruses are not new. Brain, the first known virus to target IBM PCs, was a stealth virus that infected the boot sector of a floppy storage disk. Brain was created in Pakistan as an anti-piracy measure in 1986.

A stealth virus is designed in a way that makes it difficult to eliminate completely from a computer system. It can rename itself and send copies to a different drive or location, evading detection by the system's antivirus software. The only way to remove it is to completely wipe the computer and rebuild it from scratch.

Booting a computer system from a removable disk, such as a USB drive, prevents the stealth virus from running amok before the antivirus or antimalware software scans for malware. Sophisticated, up-to-date antivirus software can also help reduce the risk of infection or eradicate a virus entirely.

Understanding how a stealth virus infects a computer

A stealth virus usually enters the system via infected web links, malicious email attachments, third-party application downloads, etc. The virus tricks the system to get past an antivirus program using two primary methods:

  1. Code modification. To avoid detection, the virus modifies the code and virus signature of every infected file.
  2. Data encryption. The virus renders the affected file inaccessible or unreadable to the user by encrypting it and also by using a different encryption key for different files.

Typically, when an antivirus program runs, a stealth virus hides itself in memory and uses various tricks to hide any changes it has made to files or boot records. It may maintain a copy of the original, uninfected data and also monitor system activity. When a program attempts to access data that's been altered, the virus redirects it to a storage area that maintains the original data.

An antivirus program should be able to find a stealth virus by scanning the computer's memory, as well as other areas of a computer system that are commonly targeted. But this is not always the case since the virus is designed to hide from antivirus software by concealing the size of the file it has infected, moving away from the infected file, copying itself to a different drive and replacing itself with a clean file.
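
Because the virus can hand back the original data to anything that reads an altered file on the running system, a scan from inside that system and a scan from trusted boot media can disagree about the same disk. The following Python code is an added example, not part of the original article: it compares a file manifest taken on the running system with one taken offline and reports every mismatch. The function names and the sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each file under root to (size in bytes, SHA-256 hex digest)."""
    manifest = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            digest = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = path.relative_to(root).as_posix()
            manifest[rel] = (path.stat().st_size, digest.hexdigest())
    return manifest


def cross_view_diff(live, offline):
    """List files whose live-system view disagrees with the offline view."""
    findings = []
    for path in sorted(set(live) | set(offline)):
        if path not in live or path not in offline:
            findings.append((path, "present in only one view"))
        elif live[path][0] != offline[path][0]:
            findings.append((path, "size differs between views"))
        elif live[path][1] != offline[path][1]:
            findings.append((path, "content differs between views"))
    return findings


def demo():
    samples = {  # constructed: name -> (bytes the live system returns, bytes on disk)
        "app.exe": (b"original program", b"original program" + b"\x00" * 32),
        "boot.bin": (b"clean boot record", b"altered boot code"),
        "notes.txt": (b"unchanged", b"unchanged"),
        "copy.tmp": (None, b"file the running system does not list"),
    }
    with tempfile.TemporaryDirectory() as live, tempfile.TemporaryDirectory() as disk:
        for name, (live_bytes, disk_bytes) in samples.items():
            if live_bytes is not None:
                Path(live, name).write_bytes(live_bytes)
            Path(disk, name).write_bytes(disk_bytes)
        return cross_view_diff(build_manifest(live), build_manifest(disk))


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

In real use, `build_manifest` would run once on the live system and once after booting from trusted removable media with the same disk mounted read-only; any finding means the two views of the disk do not match and the machine needs closer inspection.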

Common issues associated with stealth virus attacks

When a stealth virus infects a computer system, it enables attackers to take control over a variety of system tasks. Several common issues associated with stealth virus attacks are the following:

Protecting devices against stealth viruses

There are strategies to protect against a stealth virus:

16 Dec 2021

All Rights Reserved, Copyright 2000 - 2024, TechTarget