Polymorphic code

Polymorphic code is code that mutates while keeping the original algorithm intact. Polymorphic code was invented in 1992 by Dark Avenger as a means to avoid pattern recognition by antivirus software. Most often, a virus or worm that makes any attempt to hide its presence will do so by encrypting itself. However, before being executed on a remote computer, it first needs to decrypt itself. In order to decrypt the virus or worm, some part of the code has to be delivered unencrypted. Thus, while not being able to detect the actual virus or worm, the antivirus software or intrusion detection system will still be able to detect the virus decryption engine. However, if the decryption engine is rewritten each time before it is transferred to a new computer (in the case of a worm/shellcode) or computer file (in the case of a virus), it becomes much harder for security software to detect the presence of the malicious program.
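The detection argument above, as an added example that is not part of the original page: a substring signature scanner run over constructed samples whose body is encrypted under different keys while the decryptor stays fixed. The byte strings, the single-byte XOR cipher, the sample layout and all names are assumptions chosen for illustration; none of the bytes are real machine code or real malware.

```python
# Constructed sample data: placeholder bytes only, nothing here is executable code.
BODY = b"CONSTRUCTED-SAMPLE-BODY:" + bytes(range(32, 64))
STUB = b"\x00STUB-PLACEHOLDER-DECRYPT-LOOP\x00"  # stands in for the cleartext decryptor

# Signatures an analyst would extract from one captured, decrypted specimen.
SIGNATURES = {
    "body": BODY[:16],    # pattern taken from the unencrypted body
    "decryptor": STUB,    # pattern taken from the cleartext decryption engine
}


def xor(data: bytes, key: int) -> bytes:
    """Toy single-byte XOR, standing in for whatever cipher a sample uses."""
    return bytes(b ^ key for b in data)


def build_sample(key: int) -> bytes:
    """Assumed layout: cleartext decryptor, then the key, then the encrypted body."""
    return STUB + bytes([key]) + xor(BODY, key)


def scan(blob: bytes, signatures=SIGNATURES) -> list:
    """Return the names of all signatures that occur as substrings of blob."""
    return sorted(name for name, pattern in signatures.items() if pattern in blob)


def report(keys) -> dict:
    """Scan one sample per key and map each key to the signatures that hit."""
    return {key: scan(build_sample(key)) for key in keys}


def encrypted_bodies_differ(keys) -> bool:
    """True when every key yields a different encrypted body (no shared pattern)."""
    bodies = {xor(BODY, key) for key in keys}
    return len(bodies) == len(set(keys))


if __name__ == "__main__":
    keys = [0x21, 0x5A, 0xC3]
    print("unencrypted:", scan(STUB + b"\x00" + BODY))
    for key, hits in report(keys).items():
        print(f"key 0x{key:02x}:", hits)
    print("encrypted bodies all differ:", encrypted_bodies_differ(keys))
```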
