Polymorphic virus

on 1:45 PM

A virus is said to be polymorphic if its code appears to be different every time it replicates (though generally each replication of the virus is functionally identical). This is usually achieved by encrypting the body of the virus, and adding a decryption routine which is different for each replication. When a polymorphic virus replicates, a portion of the decryption code is modified.

A portion of the virus, generally called a mutation engine, creates a random encryption key to encrypt the remainder of the virus. The key is stored with the virus, and the mutation engine itself is altered. When an infected program is invoked, the virus uses the stored random key to decrypt the virus. When the virus replicates, a different random key is selected.

Additionally, random, do-nothing blocks of code can be embedded in the program and are shuffled around to further vary the signature. In essence, it looks like a different program to virus scanners.
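From the scanner's side, the effect looks like the following added example, which is not part of the original post. It assumes a single-byte XOR cipher and a constructed sample layout (filler, stored key byte, encrypted body), neither of which the post specifies, and it goes beyond the text by showing one key-invariant signature that still matches: XORing adjacent bytes cancels a single-byte key.

```python
# Added illustration using constructed, inert data only.
# Assumption: the body is XORed with one stored key byte (the post names no cipher).

BODY = b"INERT-DEMO-BODY: identical in every generation"  # constructed stand-in
SIGNATURE = b"DEMO-BODY"  # byte signature taken from the decrypted body


def build_sample(key: int, filler: bytes) -> bytes:
    """Constructed sample layout: filler, 1-byte stored key, XOR-encrypted body."""
    return filler + bytes([key]) + bytes(b ^ key for b in BODY)


def static_match(sample: bytes, signature: bytes) -> bool:
    """Classic scanner check: look for the raw signature bytes."""
    return signature in sample


def delta(data: bytes) -> bytes:
    """XOR of each adjacent byte pair; (a^k)^(b^k) == a^b, so the key drops out."""
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def key_invariant_match(sample: bytes, signature: bytes) -> bool:
    """Match on adjacent-byte differences instead of the bytes themselves."""
    return delta(signature) in delta(sample)


# Two "generations" with different keys and filler, plus an unrelated file.
GEN_A = build_sample(0x5A, b"\x00\x00")
GEN_B = build_sample(0xC3, b"pad-pad-pad")
BENIGN = b"unrelated benign file content, constructed for this demo"

if __name__ == "__main__":
    for name, data in (("gen_a", GEN_A), ("gen_b", GEN_B), ("benign", BENIGN)):
        print(name, static_match(data, SIGNATURE), key_invariant_match(data, SIGNATURE))
```

The delta signature only survives this one cipher family; a different encryption scheme needs a different invariant or decryption before matching.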
