Polymorphic virus

A polymorphic virus differs from a regular virus in the way it disguises itself. The program code of polymorphic malware is changed with each new infection using encryption, so there are as many variations of the same virus as there are infections. Each modification is, in effect, a new instance of the virus.
Polymorphic viruses can use complex cryptographic algorithms for encryption. As a result, signature-based antivirus protection, for example, is powerless against advanced polymorphic malware: it is like a vaccine that protects only against known flu mutations. To disinfect PCs of such polymorphic viruses, a complete decoding of their “body” is necessary.

Polymorphic malware is usually classified by level of polymorphism; there are four to six such levels. The simplest, oligomorphic viruses, keep some code sections unchanged, and signature databases can identify them by those sections. The most complex viruses use permutating code: they change constantly at the level of subroutines (installer, encryption routine, interrupt handler, etc.).
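The detection points above (a whole-file signature misses a re-encrypted variant, a constant code section still matches, and decoding the body restores a stable signature), shown as an added Python example that is not part of the original page. The byte strings, the single-byte XOR layout and all function names are constructed for illustration and stand in for the far more complex ciphers the text mentions.

```python
import hashlib

# Constructed, inert stand-ins; nothing here comes from a real sample.
STUB = b"\x00STUB-DECODER\x00"              # plays the constant code section
BODY = b"INERT-TEST-BODY harmless marker"   # plays the encrypted "body"
BODY_SIG = b"INERT-TEST-BODY"               # signature over the decoded body


def constructed_sample(key: int, stub: bytes = STUB) -> bytes:
    """Assumed layout: stub | 1-byte key | body XOR key (toy cipher)."""
    return stub + bytes([key]) + bytes(b ^ key for b in BODY)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def scan_by_hash(data: bytes, known_hashes: set) -> bool:
    """Whole-file signature: matches only a variant that was already seen."""
    return sha256_hex(data) in known_hashes


def scan_by_stub(data: bytes) -> bool:
    """Byte-pattern signature on the code section that never changes."""
    return STUB in data


def scan_by_decoding(data: bytes, signature: bytes = BODY_SIG) -> bool:
    """Decode first, then match: try every 1-byte XOR key over the file."""
    return any(signature in bytes(b ^ k for b in data) for k in range(256))


if __name__ == "__main__":
    known = {sha256_hex(constructed_sample(0x21))}   # the one variant on file
    cases = {
        "same stub, new key": constructed_sample(0x7E),
        "new stub, new key": constructed_sample(0x5A, stub=b"\x00OTHER\x00"),
        "clean file": b"clean file contents",
    }
    for name, data in cases.items():
        print(f"{name:20} hash={scan_by_hash(data, known)} "
              f"stub={scan_by_stub(data)} decoded={scan_by_decoding(data)}")
```

Only the decoding scan still fires once the constant section changes as well, which is why the simplest level is the one signature databases can handle.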

The latter type includes the relatively new virus Virut.ce, which is notable not so much for its malicious functionality as for its sophisticated mutation mechanism. It differs from other complex polymorphic viruses in that it regularly updates its source code.

The sources of infection are the same as those of ordinary viruses: email newsletters, infected sites, hacked software, physical media.
