A tunneling virus is any virus that gets installed before an antivirus can detect it. It executes without alerting the sensors of the operating system (OS) to avoid antivirus detection.
A tunneling virus disables a computer’s interception programs. While some antivirus solutions can detect the malicious code, they can’t stop this type of virus from getting installed. More advanced antivirus programs that employ tunneling strategies may be the only ones capable of detecting and preventing the execution of a tunneling virus.
You can compare a tunneling virus to thieves entering an establishment via the sewer system, so they don’t have to deal with alarms.
Viruses usually employ tunneling strategies to find a way around antivirus solutions. Many launch in the basic input/output system (BIOS) that runs even before the OS. That results in an ongoing battle between the tunneling virus and the antivirus solution that ultimately crashes the OS.
What Are Some of the Most Notable Tunneling Viruses?
Many tunneling viruses have appeared over the years. Three of the best-known are described below.
Eddie Virus
Eddie is a memory-resident (stays in the system and runs continuously) tunneling virus that originated from Bulgaria. It was created by Dark Avenger and wreaked havoc from the late 1980s into the 1990s. That’s why Eddie is also known as the “Dark Avenger virus” or “Dark_Avenger.1800.A.”
Eddie is one of the first viruses from Bulgaria that spread far and wide, reaching users in the U.S., West Germany, and Russia. It is never idle as it remains in the background and awaits commands. It commonly infects .exe and .com files.
Dark Avenger made two additional variants of Eddie, namely:
Eddie.V2000: This variant contained the text strings “Copy me – I want to travel” and “(c) 1989 by Vesselin Bontchev.”
Eddie.V2100: This variant, meanwhile, had the strings “Eddie lives,” “(c) 1990 by Vesselin Bontchev,” and “Eddie.”
Frodo Virus
The most advanced memory-resident tunneling virus is probably the Frodo virus. It evades detection effectively. It spreads to .exe and .com files, making them memory-resident as well for 100 years. It can also corrupt other files.
Users of infected systems can see how many of their files are Frodo-infected by looking at the directory. And should they decide to reboot, they’ll see “FRODO LIVES!” on their screens.
Bulgarian Yankee_Doodle Virus
The Bulgarian Yankee_Doodle virus, like Eddie, originated from Bulgaria. It was created by TP, the same person behind the Vacsina virus. As such, it has similarities with Vacsina. Some even consider it a Vacsina variant, which causes infected systems to give off a beeping tone.
When the Bulgarian Yankee_Doodle virus is executed, it plays “Yankee Doodle” every day at 17:00. That’s why it also came to be known as the “five o’clock virus” and “TP44VIR.”
—
Tunneling viruses can be disruptive. But updating your antivirus solution to a version with its own tunneling capability can easily mitigate their effects.
This virus attempts to bypass detection by antivirus scanners by installing itself in the interrupt handler chain. Interception programs, which stay resident in the background of the operating system and catch viruses as they act, are disabled while a tunneling virus is active.
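To make the interrupt-chain mechanism concrete from the defender's side, here is an added example (not code from the original page) that simulates the DOS interrupt vector table with function pointers: a resident monitor hooks INT 21h and periodically verifies both that it still heads the chain and that every call reaching the kernel passed through it. All names (ivt, monitor_hook, scenario_*) are hypothetical, and the independent kernel-side call counter is an assumption of the simulation.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simulated interrupt vector table (real DOS keeps it at 0000:0000). */
typedef int (*int_handler_t)(int fn);
#define INT_DOS 0x21
static int_handler_t ivt[256];
/* The original DOS service routine: counts every call that reaches it. */
static int kernel_calls;
static int dos_kernel(int fn) { (void)fn; kernel_calls++; return 0; }
/* Resident monitor ("interception program"): hooks INT 21h, counts what it
 * sees, then chains to the handler that was installed before it. */
static int_handler_t monitor_next;
static int monitor_seen;
static int monitor_hook(int fn) { monitor_seen++; return monitor_next(fn); }
static void monitor_install(void) {
    monitor_next = ivt[INT_DOS];
    ivt[INT_DOS] = monitor_hook;
}

/* Integrity check the monitor can run periodically: is it still at the head
 * of the chain, and did every call that reached the kernel pass through it?
 * The second comparison needs an independent count (here the kernel stub). */
typedef struct { bool displaced; bool bypassed; } check_result;
static check_result monitor_check(void) {
    check_result r = { ivt[INT_DOS] != monitor_hook, kernel_calls != monitor_seen };
    return r;
}

/* Constructed scenarios (hypothetical, not real DOS code) used by the test. */
static void boot(void) {
    ivt[INT_DOS] = dos_kernel; kernel_calls = 0; monitor_seen = 0; monitor_install();
}
/* A well-behaved program issues INT 21h, so the call passes through the hook. */
static bool scenario_clean(void) {
    boot(); ivt[INT_DOS](0x3D); check_result r = monitor_check();
    return !r.displaced && !r.bypassed;
}
/* A tunneling call reaches the pre-hook entry point; the counts diverge. */
static bool scenario_tunnel_detected(void) {
    boot(); monitor_next(0x3D); return monitor_check().bypassed;
}
/* The vector was overwritten, disabling the monitor: reported as displaced. */
static bool scenario_unhook_detected(void) {
    boot(); ivt[INT_DOS] = dos_kernel; return monitor_check().displaced;
}
int main(void) {
    printf("clean=%d tunnel=%d unhook=%d\n", scenario_clean(), scenario_tunnel_detected(), scenario_unhook_detected());
    return 0;
}
```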
Introduction: My name is Stevie Stamm, I am a colorful, sparkling, splendid, vast, open, hilarious, tender person who loves writing and wants to share my knowledge and understanding with you.