I'm currently studying malware replication techniques to gather information for coding an antivirus. Could malware (if run) create a duplicate of itself in the startup directory with the hidden file attribute, therefore making it harder for users to detect, and if so, how would it achieve this in code?
- For the specific question here (how to set the hidden attribute), this is more appropriate for Stack Overflow. The broader question "How does malware hide itself" is way too broad - the answers would consume many PhD-thesis-sized answers. Malware hides itself every possible place - by appending itself to legit files, by replacing legit files, by adding itself to system-sounding places with system-sounding names, by hiding itself in the directory structure, by placing itself in bad sectors, by adding itself to files that are interpreted (like docs) - this is a smallish sample set of ways – crovers Jan 11 '17 at 13:52
- @crovers The question is too broad for Stack Overflow. To be well received there, it should show some code that tries to set the attribute, an explanation of why it's not working (error message), and an explanation of what was tried to resolve the error. – S.L. Barth Jan 11 '17 at 14:22
1 Answer
Yes, given the appropriate vulnerability and privileges. Malware that attempts to hide itself from detection, even by security programs, is called a rootkit.
They can do this by modifying the operating system itself, or sometimes the firmware in the hardware, so that the OS and hardware lie to the user and other programs. For example, a rootkit may replace the code in the kernel that returns directory listings so that it excludes the rootkit's own files.
Generally, a rootkit would first have to somehow obtain administrator privileges to install itself deeply enough to become undetectable, usually through other vulnerabilities or by tricking the user into running it with administrator privileges.
Malware that runs at this level of stealth is very rare, though, as it is difficult to write, and most malware is successful enough even when it is not that stealthy.
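As an added defender-side example (not code from the question or the answer above): a Python audit that enumerates a startup folder and reports entries carrying the hidden attribute, showing the answer's point that the attribute only hides a file from casual viewing, not from a program that reads the directory through the OS, so only a rootkit that alters the kernel's listing code would defeat such a check. The Startup folder paths are assumed defaults and the scanned sample entries are constructed.

```python
"""Audit a startup folder for entries that a default view would hide."""
import os
import stat
import sys
import tempfile
from pathlib import Path

# Well-known Windows Startup folder locations (assumed; adjust for the host audited).
DEFAULT_STARTUP_DIRS = [
    Path(os.environ.get("APPDATA", "")) / "Microsoft/Windows/Start Menu/Programs/Startup",
    Path(os.environ.get("ProgramData", "")) / "Microsoft/Windows/Start Menu/Programs/StartUp",
]


def is_hidden(path: Path) -> bool:
    """True if Explorer or a plain `ls` would omit this entry by default.

    The hidden attribute is only metadata: os.lstat still returns the entry,
    so a scanner sees it. Only a rootkit that alters the kernel's directory
    listing code (as the answer describes) would hide it from this check.
    """
    attrs = getattr(os.lstat(path), "st_file_attributes", 0)  # 0 on non-Windows
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN) or path.name.startswith(".")


def find_hidden_entries(directory: Path) -> list:
    """Sorted names of hidden entries; desktop.ini is legitimately hidden there."""
    if not directory.is_dir():
        return []
    return sorted(
        entry.name for entry in os.scandir(directory)
        if entry.name.lower() != "desktop.ini" and is_hidden(Path(entry.path))
    )


def demo_scan() -> list:
    """Scan a constructed startup folder: one visible shortcut, one dot-hidden file."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        (folder / "OneDrive.lnk").write_text("constructed visible shortcut")
        (folder / ".updater").write_text("constructed hidden sample")
        return find_hidden_entries(folder)  # -> ['.updater']


if __name__ == "__main__":
    targets = [Path(p) for p in sys.argv[1:]] or DEFAULT_STARTUP_DIRS
    for folder in targets:
        for name in find_hidden_entries(folder):
            print(f"hidden entry in startup folder: {folder / name}")
```

Run it with no arguments on a Windows host to audit the default Startup folders, or pass any directory paths to audit those instead.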