Polymorphic virus

A polymorphic virus (also called polymorphic code or polymorphism) is a virus that uses a polymorphic engine to mutate itself while keeping its original algorithm intact.

Polymorphic virus

By definition, a polymorphic virus (also called polymorphic code or polymorphism) is a virus that uses a polymorphic engine to mutate itself while keeping its original algorithm, that is, its prescribed functionality, intact. This technique is commonly used by computer viruses and worms to hide their presence. Many antivirus products and intrusion detection systems attempt to locate malicious programs by searching computer files and packets sent over a computer network. If that software finds code patterns that match a known threat, it takes the appropriate steps to neutralize that threat. Polymorphic algorithms make such malicious code difficult to detect by constantly modifying it. In most cases, viruses that use polymorphism do so together with encryption: the malicious programmer uses encryption to keep most of the code from being detected, and polymorphism to modify the decryption routine itself.

3A23 Camouflage Transcript: Polymorphic Mechanisms

Camouflage

Polymorphic mechanisms are a technique to prevent viruses from being detected by varying the encryption method of each copy. This forces antivirus software to use heuristic techniques, since the virus changes with each infection and it is impossible to locate it by searching for strings of code. This is achieved by using an encryption algorithm that makes things very difficult for the antivirus. However, the entire virus code cannot be encoded: a part that takes control must always remain unmutated, and that is the part most vulnerable to the antivirus. Polymorphic viruses contain mechanisms that allow them to change their appearance with each infection. Additionally, they can change or randomly scatter code sequences that are not required for the virus to function. Therefore, these viruses can result in billions of variations of the same virus. Traditional virus descriptions (also called signatures) are often not sufficient to reliably detect and remove encoded polymorphic viruses; usually special programs have to be created. These viruses are also called “mutants”.

Infection method

Polymorphic viruses work in the following way: they hide in a file and are loaded into memory when the infected file is executed. But instead of making an exact copy of themselves when they infect another file, they modify that copy so that it looks different each time they infect a new file. Polymorphism is another of the capabilities of biological viruses applied to computer viruses. Famous virus writers, such as the Bulgarian known by the alias Dark Avenger, implemented polymorphic routines in their viruses. The polymorphism was achieved by encrypting the main code of the virus with a non-constant key, using random sets of decryption routines, or using executable code that changes with each run. These ways of making polymorphic code are the simplest; however, there are highly elaborate and exotic techniques. Polymorphism is nothing more than the ability to make more or less different copies of the original virus. This programming technique aims to make viruses more difficult to detect, since antivirus software at the time (late 1980s, early 1990s) looked for common hexadecimal patterns to detect viruses; upon encountering a polymorphic virus. 2 XOR 5 = 3 3 XOR 2 = 5. In this case the key is number 9, but by using a different key for each infection, a different encryption is obtained. Another widely used way is to add a fixed number to each byte of the viral code.
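Both encodings named at the end of the paragraph above (XOR with a per-infection key, and adding a fixed number to each byte) have only 256 possible keys, so a scanner can test a known byte pattern under every key instead of searching for it literally. The following is an added example, not code from the original page: the marker string, sample buffers and function names are constructed for illustration.

```python
"""Signature scan that tolerates single-byte XOR / additive encoding."""

SIGNATURE = b"BENIGN-TEST-MARKER"  # constructed, harmless stand-in pattern
PAD = b"\x00" * 4                  # constructed filler around the pattern

# Constructed sample buffers: the same pattern under two different encodings.
SAMPLE_XOR_9 = PAD + bytes(b ^ 9 for b in SIGNATURE) + PAD
SAMPLE_ADD_3 = PAD + bytes((b + 3) & 0xFF for b in SIGNATURE) + PAD
SAMPLE_CLEAN = b"nothing of interest in this buffer"


def plain_scan(data: bytes, sig: bytes = SIGNATURE) -> bool:
    """Fixed-pattern search: misses the pattern once its bytes are encoded."""
    return sig in data


def xray_scan(data: bytes, sig: bytes = SIGNATURE):
    """Search for sig under every 1-byte XOR key and every additive key.

    Returns (scheme, key, offset) for the first hit, or None if no key
    produces a match. Key 0 is the unencoded case.
    """
    for key in range(256):
        # XOR is its own inverse: (b ^ key) ^ key == b
        off = data.find(bytes(b ^ key for b in sig))
        if off != -1:
            return ("xor", key, off)
        # Additive encoding wraps around at one byte
        off = data.find(bytes((b + key) & 0xFF for b in sig))
        if off != -1:
            return ("add", key, off)
    return None


if __name__ == "__main__":
    for name, buf in [("xor key 9", SAMPLE_XOR_9),
                      ("add key 3", SAMPLE_ADD_3),
                      ("clean", SAMPLE_CLEAN)]:
        print(f"{name:10} plain={plain_scan(buf)!s:5} xray={xray_scan(buf)}")
```

This covers only the two one-byte encodings the text names; it does not address variation in the decryption routine itself.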

by Abdullah Sam