Tunneling Virus

A tunelling virus is a virus that attempts to intercept anti-virus software before it can detect malicious code. A tunneling virus launches itself under anti-virus programs and then works by going to the operating system’s interruption handlers and intercepting them, thus avoiding detection. Interception programs, which remain in the background of an operating system and catch viruses, become disabled during the course of a tunneling virus. Some anti-virus programs do find the malicious code attached to tunnel viruses, but they often end up being reinstalled under the tunneling virus. To combat this, some anti-virus programs use their own tunneling techniques, which uncover hidden viruses located within computer memories.

By backtracking through operating systems’ interruption chains, tunneling viruses can successfully launch themselves in the DOS and basic input/output system (BIOS) handlers. This can result in a tug of war between the anti-virus program and the virus, resulting in substantial computer system operating problems.

Post a Comment

0 Comments