How Viruses Hide: Polymorphic Code

Polymorphic viruses threw down a new gauntlet at the feet of anti-virus software makers: they make detection several orders of magnitude more difficult than any previous virus-hiding technique.

A polymorphic virus contains what is known as a polymorphic or mutating engine. This engine acts as a re-coding agent that modifies the virus on every infection, or whenever certain criteria are met. The engine re-programs key parts of the virus so that they do the same things via different code sequences, which makes the virus harder to identify and crack.
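To show why "same behaviour, different code strings" defeats a byte signature, and what a scanner has to do about it, here is an added example that is not part of the original post. It uses a toy three-byte instruction set constructed for this illustration (not a real ISA): two hand-written variants of one routine, a plain byte-signature check that matches only one of them, and a normalizer that rewrites each instruction to its effect so the check matches both.

```python
from typing import List, Tuple

# Toy 3-byte instruction set constructed for this example: opcode, dst register, operand.
OPCODES = {0x01: "mov_imm", 0x02: "xor", 0x03: "sub", 0x04: "add_imm", 0x05: "jmp"}

Instr = Tuple[str, int, int]

def decode(code: bytes) -> List[Instr]:
    """Split raw bytes into (mnemonic, dst, operand) triples; reject malformed input."""
    if len(code) % 3:
        raise ValueError("truncated instruction stream")
    instrs = []
    for i in range(0, len(code), 3):
        if code[i] not in OPCODES:
            raise ValueError(f"unknown opcode 0x{code[i]:02x} at offset {i}")
        instrs.append((OPCODES[code[i]], code[i + 1], code[i + 2]))
    return instrs

def normalize(instrs: List[Instr]) -> Tuple[Instr, ...]:
    """Rewrite each instruction as its effect, so equivalent encodings collapse to one form."""
    out: List[Instr] = []
    for op, dst, src in instrs:
        if op == "mov_imm":
            out.append(("set", dst, src))
        elif op in ("xor", "sub") and dst == src:   # r ^= r and r -= r both zero r
            out.append(("set", dst, 0))
        elif op == "add_imm" and src == 0:          # r += 0 changes nothing: drop it
            continue
        else:
            out.append((op, dst, src))
    return tuple(out)

def signature_match(sample: bytes, signature: bytes) -> bool:
    """Classic scanner: does the exact signature byte string occur in the sample?"""
    return signature in sample

def normalized_match(sample: bytes, signature: bytes) -> bool:
    """Scan over normalized instructions instead of raw bytes."""
    hay, needle = normalize(decode(sample)), normalize(decode(signature))
    return any(hay[i:i + len(needle)] == needle for i in range(len(hay) - len(needle) + 1))

# Two constructed variants of the same routine: zero r0, put 7 in r1, jump to 2.
VARIANT_A = bytes([0x01, 0, 0,  0x01, 1, 7,  0x05, 0, 2])               # mov r0,0 ; mov r1,7 ; jmp 2
VARIANT_B = bytes([0x02, 0, 0,  0x04, 0, 0,  0x01, 1, 7,  0x05, 0, 2])  # xor r0,r0 ; add r0,0 ; mov r1,7 ; jmp 2
SIGNATURE = VARIANT_A[:6]   # first two instructions of variant A, as a vendor might extract them

if __name__ == "__main__":
    for name, v in (("A", VARIANT_A), ("B", VARIANT_B)):
        print(name, "bytes:", signature_match(v, SIGNATURE), "normalized:", normalized_match(v, SIGNATURE))
```

The normalizer only catches equivalences it has rules for, which is why real scanners moved toward emulating the code and examining what it does rather than how it is written.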

A perfectly written polymorphic virus would share no identical code with a copy of itself on a different machine. This is theoretically possible, and such a virus would, in theory, be unbeatable by an anti-virus program.

The rate at which a polymorphic virus changes varies, for different reasons. In one scenario, a hacker might not want the virus to change completely over time, or as fast as possible; it might change only upon certain actions. The benefit of this is that the virus does not hand anti-virus researchers trying to identify and beat it many samples of the polymorphic virus to reverse engineer. It is therefore less likely to be identified by a virus scanner for a longer period of time, and so does more damage.

Next Up: Metamorphic Viruses
