Stealth or Tunneling Virus should not be the right answer. It should be Polymorphic or metamorphic virus which is not an option. Stealth viruses try to hide from antivirus programs by actively altering and corrupting the service call interrupts while running. The virus code replaces the requests to perform operations with respect to these service call interrupts. Thoughts?
Here is an example definition that allows Stealth virus to be acceptable in this situation. Not the best answer, but the only one that is close enough to fit:
"...a stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software. Generally, stealth describes any approach to doing something while avoiding notice"
Encryption Virus: "The replication process is successfully accomplished using the encryptor. Each virus-infected file uses a different key for encryption. Encryption viruses block access to target machines or provide victims with limited access to the system. They use encryption to hide from virus scanners. The virus scanner cannot detect the encryption virus using signatures." From CEH
Here I will disagree with you. The question includes: "can change its own code". Encryption does nothing with the virus code. It just encrypts it, and after some trigger decrypts it and the virus runs. A change of the key does nothing to the source code of the virus, it just changes the "presentation" form in the encrypted state. I will definitely go with Poly/MetaMorphic ones, but with the provided answers Stealth fits better.
Encryption viruses block access to target machines or provide victims with limited access to the system. They use encryption to hide from virus scanners. The virus scanner cannot detect the encryption virus using signatures, but it can detect the decrypting module.
Reference: CEH v12 Pg no: 1036
A. Stealth virus: It's a type of malicious software that can change its own code to avoid being detected by antivirus programs. It can also alter its encryption or hash values when infecting files, making it hard to detect using simple virus signature methods.
B. Tunneling virus: Used in network attacks, but doesn't change its own code or encrypt itself multiple times.
C. Cavity virus: Infects by using empty areas in files, but doesn't explicitly mention changing its own code multiple times or encrypting itself during replication.
D. Encryption virus: Encrypts parts of infected files to avoid detection, but doesn't refer to the virus changing its own code multiple times during replication.
Official Courseware equates Encryption viruses with cryptolocker viruses.
Pg 1036:
Encryption viruses or cryptolocker viruses penetrate the target system via freeware, shareware, codecs, fake advertisements, torrents, email spam, and so on.
Encryption viruses block access to target machines or provide victims with limited access to the system.
And if you research about Cryptolocker virus:
https://www.proofpoint.com/au/threat-reference/cryptolocker
CryptoLocker is a form of ransomware that restricts access to infected computers by encrypting its contents.
So as per CEH Encryption Virus = CryptoLocker Virus = Ransomware
So the answer should be A. Stealth Virus (and not D)
Polymorphic viruses modify their own code. The virus replicates and encrypts itself, changing its code just enough to evade detection by antivirus programs.
The correct option is A: stealth virus.
"...a stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software. Generally, stealth describes any approach to doing something while avoiding notice"
"Encryption virus" is the wrong option. "They don't change the code, only encrypt"
The type of virus that can change its own code and then cipher itself multiple times as it replicates is called an "Encryption virus".
Encryption viruses are a type of malware that encrypts their own code to make it more difficult for antivirus software to detect and remove them. As they replicate, they may use different encryption keys and algorithms to further obfuscate their code. This makes them particularly difficult to detect and remove.
In contrast, "Stealth viruses" attempt to hide themselves from detection by antivirus software by intercepting system calls and returning pre-infected versions of files, while "Tunneling viruses" try to evade detection by creating a tunnel through the system's security mechanisms. "Cavity viruses" modify executable files by creating a cavity in the file where the virus can reside without altering the file size, thus making it harder to detect.
I will disagree with you, not that I am agreeing that stealth is the answer. However, the question says change its own code, and not encrypt it. An encryption virus encrypts its own code, so the answer you gave is wrong. Polymorphic should have been the right answer. However, here I will go with stealth.
A:
Stealth virus: change its code + cipher (this is why it is called STEALTH, to avoid being detected)
Encryption virus: cipher (only cipher to avoid being detected)
Types of Viruses - Encryption Virus
Encryption viruses or cryptolocker viruses penetrate the target system via freeware, shareware, codecs, fake advertisements, torrents, email spam, and so on. When the attacker injects the virus into the target machine, the decryptor will first execute and decrypt the virus body. Then, the virus body executes and replicates or becomes resident in the target machine. Each virus-infected file uses a different key for encryption. (P.938/922)
I wouldn't have said it's a stealth virus, but it's definitely not an encryption virus. An encryption virus is akin to ransomware/cryptomalware, which isn't described here imo. By process of elimination I would say stealth, but only because metamorphic/polymorphic isn't an option.
Encryption viruses or cryptolocker viruses penetrate the target system via freeware, shareware, codecs, fake advertisements, torrents, email spam, and so on. This type of virus consists of an encrypted copy of the virus and a decryption module. The decryption module remains constant, whereas the encryption makes use of different keys.
A stealth virus usually enters the system via infected web links, malicious email attachments, third-party application downloads, etc. The virus tricks the system to get past an antivirus program using two primary methods:
1. Code modification. To avoid detection, the virus modifies the code and virus signature of every infected file.
2. Data encryption. The virus renders the affected file inaccessible or unreadable to the user by encrypting it and also by using a different encryption key for different files.
Therefore the answer is Stealth virus.
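The following is an added illustration, not part of the thread or of any commenter's post. It shows the detection consequence of the courseware text quoted above: the encrypted body differs per copy because the key differs, while the decryption module stays constant and remains matchable. The stub and body are inert constructed byte strings, and all function names are hypothetical.

```python
import hashlib

# Constructed, inert stand-ins: nothing here is executable code.
STUB = b"DECRYPTOR-STUB-PLACEHOLDER"    # models the constant decryption module
BODY = b"inert placeholder body " * 4   # models the part stored encrypted


def make_sample(key: int) -> bytes:
    """Constructed sample: constant stub followed by the body XOR-encoded with a per-copy key."""
    return STUB + bytes(b ^ key for b in BODY)


def hash_signature_hit(data: bytes, known_hashes: set) -> bool:
    """Whole-file signature: exact SHA-256 match against previously seen samples."""
    return hashlib.sha256(data).hexdigest() in known_hashes


def pattern_signature_hit(data: bytes, pattern: bytes) -> bool:
    """Byte-pattern signature: a fixed byte sequence found anywhere in the file."""
    return pattern in data


def compare_signatures() -> dict:
    """Derive three signatures from the first sample only, then test all three samples."""
    first = make_sample(0x21)
    samples = [first, make_sample(0x5A), make_sample(0xC3)]

    known_hashes = {hashlib.sha256(first).hexdigest()}
    body_pattern = first[len(STUB):len(STUB) + 16]   # taken from the encoded body
    stub_pattern = STUB                              # taken from the constant module

    return {
        "file_hash": [hash_signature_hit(s, known_hashes) for s in samples],
        "body_pattern": [pattern_signature_hit(s, body_pattern) for s in samples],
        "stub_pattern": [pattern_signature_hit(s, stub_pattern) for s in samples],
    }


if __name__ == "__main__":
    for name, hits in compare_signatures().items():
        print(f"{name:13s} {hits}")
```

Signatures built from the file hash or the encoded body only match the copy they were taken from; the signature on the constant stub matches every copy, which is the gap that code-changing (polymorphic or metamorphic) variants are meant to close.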