Imagine having a key that changes shape to fit any lock you might encounter. That’s pretty much what malware creators have at their disposal with polymorphic Virus.
Polymorphic Virus can damage registries or act as a Trojan that transforms a computer into a robot with no performance.Polymorphic viruses are complex file infectors that change physical forms, yet retain the same basic routines, after every infection. Such viruses typically encrypt their codes during each infection, altering their physical file makeup by varying encryption keys every time.
It has been around 1990. Polymorphic viruses have been mutating and “improving” ever since. Now, we are in the era of “advanced polymorphic viruses” or, as some call it, “aggressive polymorphism.” The viruses can often be impossible to detect until they’ve inflicted their damage or unleashed their payload.
polymorphism-Polymorphic virus
A tactic used by cybercriminals to prevent their malicious code from being detected is called “polymorphism”. A polymorphic virus is a shape-shifting virus using polymorphism. It uses a polymorphic engine to make the code mutate each time it runs while keeping the original purpose of the malware the same.
This computer virus is also called a “stealth virus”
If a security program(antivirus) relies solely on the signature to detect virus, it won’t be able to stop the polymorphic virus, which can self-replicate endlessly. It keeps on changing its code just enough to avoid matching the signature each time.
The best way to stay safe from polymorphic threats is with a security solution that detects malware using behavioral analysis or heuristics.
For traditional anti-virus programs, this is a problem because of their malware detection methods. Most anti-virus programs use a blacklist approach. This means they have a list of all the known bad programs/files and blocks them from running on your PC. However, as discussed earlier, these polymorphic viruses are always changing, which makes the latest version unknown. Thus, withholding the ability to bypass your anti-virus’s blacklisting technology.
One of the best ways to prevent this, is to find an anti-virus software that has a whitelisting technology. Meaning, it uses a list of all the known good programs and only allows them to run. By taking this backwards approach, the anti-virus software is able to effectively block polymorphic viruses because no matter what they change to, they still are not a known safe program.