These questions are derived from the Self Test Software Practice Test for (ISC)2’s CISSP exam.
Objective: Applications Security
SubObjective: Application and System Vulnerabilities and Threats
Single Answer, Multiple Choice
Which platform-independent virus is written in Visual Basic (VB) and is capable of infecting operating systems?
- Macro virus
- Stealth virus
- Self-garbling virus
- Polymorphic virus
A. Macro virus
Macro viruses are programs written in Word Basic, Visual Basic, or VBScript. Macro viruses are platform independent and pose a major threat because their underlying language is simple, and they are easy to develop. Macro viruses can infect operating systems and applications. They do not rely on the size of the packet. The ability of macro viruses to move from one operating system to the other allows them to spread more effectively than other types of viruses. Macro viruses are typically used with Microsoft Office products.
A stealth virus hides the changes it makes to system files and boot records, making it difficult for antivirus software to detect its presence. A stealth virus keeps a copy of a file before infecting it and presents the original copy to the monitoring software. The stealth virus modifies the actual file and makes it difficult to detect the presence of the virus.
A self-garbling virus can hide itself from antivirus software by manipulating its own code. When a self-garbling virus spreads, it jumbles and garbles its own code to prevent the antivirus software from detecting its presence. A small part of the virus code later decodes the jumbled part to obtain the rest of the virus code to infect the system. The ability of the self-garbling virus to format its own code makes it difficult for an antivirus to detect its presence.
A polymorphic virus produces different operational copies of itself to evade detection by the antivirus software. There should be multiple operational copies to ensure that in the event of an antivirus detection, only few copies are caught. A polymorphic virus is also capable of implementing encryption routines which will require different decryption routines to avoid detection.
Macro viruses written in Visual Basic for Applications almost exclusively affect operating systems.
CISSP All-In-One Exam Guide, Chapter 11: Applications and System Development, Virus, pp. 875-876.