A Stealth or Tunneling Virus is designed specifically to evade detection by antivirus software and system monitoring tools. These viruses work by intercepting and modifying the operating system’s service call interrupts (such as INT 13h and INT 21h in DOS systems), which are used to access files or system services.
By hooking into these interrupts, the virus can return clean or forged data to antivirus scanners, thus hiding its malicious presence from detection tools.
Tunneling viruses may also operate at a lower level to evade even more advanced antivirus detection methods, making them particularly dangerous and hard to detect.
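A defender-side view of the hooking described above, as an added example that is not taken from the study guide: it compares a copy of the real-mode interrupt vector table (256 four-byte entries starting at 0000:0000) against a trusted baseline and reports vectors whose handler address changed. The vector values are constructed sample data, and `ivt_diff`, `ivt_set`, `demo_changed` and `demo_hits` are hypothetical names.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define IVT_ENTRIES 256
#define IVT_BYTES   (IVT_ENTRIES * 4)   /* real-mode IVT spans 0000:0000-0000:03FF */

/* Each vector is a little-endian 16-bit offset followed by a 16-bit segment. */
static uint32_t ivt_linear(const uint8_t *ivt, unsigned n) {
    uint16_t off = (uint16_t)(ivt[n * 4]     | (ivt[n * 4 + 1] << 8));
    uint16_t seg = (uint16_t)(ivt[n * 4 + 2] | (ivt[n * 4 + 3] << 8));
    return ((uint32_t)seg << 4) + off;  /* linear address: seg:off pairs can alias */
}

/* Helper used only to build the constructed sample tables below. */
static void ivt_set(uint8_t *ivt, unsigned n, uint16_t seg, uint16_t off) {
    ivt[n * 4]     = (uint8_t)(off & 0xFF);
    ivt[n * 4 + 1] = (uint8_t)(off >> 8);
    ivt[n * 4 + 2] = (uint8_t)(seg & 0xFF);
    ivt[n * 4 + 3] = (uint8_t)(seg >> 8);
}

/* Store the numbers of vectors whose handler differs from the baseline.
   Returns the total number of changed vectors (may exceed cap). */
size_t ivt_diff(const uint8_t *base, const uint8_t *cur, uint8_t *out, size_t cap) {
    size_t n = 0;
    for (unsigned i = 0; i < IVT_ENTRIES; i++)
        if (ivt_linear(base, i) != ivt_linear(cur, i)) {
            if (n < cap) out[n] = (uint8_t)i;
            n++;
        }
    return n;
}

uint8_t demo_hits[8];

/* Constructed sample: INT 13h is rewritten as an aliasing seg:off pair (same
   handler, no finding); INT 21h is redirected to a different address. */
size_t demo_changed(uint8_t *out, size_t cap) {
    static uint8_t base[IVT_BYTES], cur[IVT_BYTES];
    ivt_set(base, 0x13, 0xF000, 0xEC59);
    ivt_set(base, 0x21, 0x0019, 0x40F8);
    ivt_set(cur,  0x13, 0xFEC5, 0x0009);  /* same linear address 0xFEC59 */
    ivt_set(cur,  0x21, 0x9F80, 0x0100);  /* handler moved */
    return ivt_diff(base, cur, out, cap);
}

int main(void) {
    size_t n = demo_changed(demo_hits, sizeof demo_hits);
    for (size_t i = 0; i < n && i < sizeof demo_hits; i++)
        printf("INT %02Xh handler differs from baseline\n", demo_hits[i]);
    return 0;
}
```

Legitimate drivers and resident programs also hook INT 13h and INT 21h, so a changed vector is a lead to investigate rather than proof of infection.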
Reference – CEH v13 Official Study Guide:
Module 6: Malware Threats
Section: Types of Viruses
Quote:
“Tunneling viruses attempt to avoid detection by antivirus programs by installing themselves in the interrupt handler chain. These viruses intercept operating system calls to conceal their activities.”
Incorrect Options Explained:
A. Macro viruses target applications like Microsoft Word/Excel and use embedded macros, but do not alter service call interrupts.
C. Cavity viruses insert code into empty spaces in files without changing the file size but do not modify interrupts.
D. Polymorphic viruses mutate their code to avoid signature-based detection but do not typically interfere with system interrupts directly.