Polymorphic Viruses


Polymorphic viruses try to evade detection by changing their byte pattern with each infection, so there is no constant byte sequence that an antivirus program can search for. Some polymorphic viruses use different encryption techniques for each infection. The term polymorphic comes from the Greek (polys, many; morphé, form), meaning ‘many forms’, and has been applied to viruses since the early nineties, when the first polymorphic viruses appeared. Virus writers still apply polymorphism today, generally in worms and dynamic text email, and less frequently in classic viruses.

Present

At present, the number of virus creators has grown considerably and, in parallel, so have the threats that these programmers put on the network. Computer viruses are classified in several ways; one class, polymorphic viruses, is the most difficult to create and detect.

Characteristics

These viruses are also called “mutants”. Polymorphic viruses hide in a file and are loaded into memory when the infected file is run. But instead of making an exact copy of themselves when they infect another file, they modify that copy so that it looks different each time they infect a new file. Using so-called “mutation engines”, polymorphic viruses can generate thousands of different copies of themselves. Because of this, conventional scanners have failed to detect them. In fact, most of the currently used scanning tools still cannot detect these viruses.

Detection

Some antivirus products can detect polymorphic viruses by observing characteristic events that they must perform to survive and spread. Any virus, regardless of its characteristics, must do certain things to survive. For example, it must infect other files and reside in memory. Polymorphism is nothing more than the ability to make more or less different copies of the original virus. This programming technique aims to make virus detection more difficult, since antivirus software of the time (late 1980s, early 1990s) looked for common hexadecimal patterns to detect viruses; faced with a polymorphic virus, a routine for locating it could not easily be derived, which made eradication of the virus very difficult.

Programming

Polymorphism is another of the capabilities of biological viruses applied to computer viruses. Famous virus writers, such as the Bulgarian known by the alias Dark Avenger, implemented polymorphic routines in their viruses.

Basically, polymorphism was achieved by encrypting the main virus code with a non-constant key, using random decryption sets, or using executable code that changes with each execution. These are the simplest ways of making polymorphic code; however, there are also highly elaborate and exotic techniques.

There are all kinds of polymorphic viruses: from boot sector viruses to macro viruses.
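To make the signature problem concrete from the scanner's side, the following added example (not part of the original article) encodes an inert, constructed byte string with every single-byte XOR key and compares a fixed hexadecimal pattern scan with a key-independent one. Single-byte XOR and all names are assumptions chosen for illustration, and the delta check goes beyond the detection methods the article describes.

```python
# Added illustration, not code from the original article.
# SAMPLE is an inert, constructed byte string standing in for an encrypted body.
SAMPLE = b"INERT-SAMPLE-BODY: constructed test bytes, not real code"
SIGNATURE = SAMPLE[:16]  # the fixed hexadecimal pattern a classic scanner stores


def xor_encode(data: bytes, key: int) -> bytes:
    """Single-byte XOR: an assumed, simplest form of 'non-constant key'."""
    return bytes(b ^ key for b in data)


def static_match(blob: bytes, signature: bytes = SIGNATURE) -> bool:
    """Fixed-pattern scan: succeeds only if the exact bytes are present."""
    return signature in blob


def delta(data: bytes) -> bytes:
    """XOR of each adjacent byte pair; (a^k)^(b^k) == a^b, so the key cancels."""
    return bytes(a ^ b for a, b in zip(data, data[1:]))


DELTA_SIGNATURE = delta(SIGNATURE)


def key_independent_match(blob: bytes) -> bool:
    """Scan the delta stream instead of the raw bytes."""
    return DELTA_SIGNATURE in delta(blob)


def recover_key(blob: bytes):
    """After a delta hit, key = found byte XOR known first signature byte."""
    pos = delta(blob).find(DELTA_SIGNATURE)
    return None if pos < 0 else blob[pos] ^ SIGNATURE[0]


def survey(keys=range(1, 256)):
    """Count how many differently keyed copies each scanner flags."""
    copies = [b"\x00" * 8 + xor_encode(SAMPLE, k) + b"\xff" * 8 for k in keys]
    return (sum(static_match(c) for c in copies),
            sum(key_independent_match(c) for c in copies))


if __name__ == "__main__":
    fixed, invariant = survey()
    print(f"fixed signature hits: {fixed}/255, delta signature hits: {invariant}/255")
```

The key-independent check only works because one byte-wide key is reused across the whole body; schemes that vary more than the key defeat it, which is why the article points to observing what the code must do rather than what it looks like.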

 

by Abdullah Sam