Which type of virus can rewrite its own code while maintaining its functionality?
Polymorphic viruses are complex file infectors that can create modified versions of itself to avoid detection yet retain the same basic routines after every infection. To vary their physical file makeup during each infection, polymorphic viruses encrypt their codes and use different encryption keys every time. Show
Polymorphic viruses rely on mutation engines to alter their decryption routines every time they infect a machine. This way, traditional security solutions may not easily catch them because they do not use a static, unchanging code. The use of complex mutation engines that generate billions of decryption routines make them even more difficult to detect. Polymorphic viruses are usually distributed via spam, infected sites, or through the use of other malware. URSNIF, VIRLOCK, VOBFUS, and BAGLE or UPolyX are some of the most notorious polymorphic viruses in existence. When combined with other malicious routines, polymorphic viruses pose even greater risk to its victims. In March 2015, researchers found that VIRLOCK evolved to include ransomware routines, making it a challenge to detect and remove. Back in 1990, a new strain of computer viruses emerged and entered the cybersecurity lexicon: polymorphic viruses. Thirty-plus years later, these nasty viruses continue to bedevil computer users, businesses and networks around the world. Essentially, polymorphic viruses were developed to evade early antivirus software. And in the decades since their creation, they have become even more complex and more of a threat to businesses. Today, a variety of polymorphic malware are deployed to hijack networks, destroy data, steal information and even trigger ransomware attacks. Here's what you need to know about the threat and how to avoid polymorphic malware. What Is a Polymorphic Virus?Polymorphic viruses are the chameleons of cybersecurity. They are designed to change their appearance or signature files to avoid detection by traditional antivirus software, which scans for specific files and looks for specific patterns. A polymorphic virus will continue changing its file names and physical location — not only after each infection, but as often as every 10 minutes.[1] To further evade cybersecurity efforts, polymorphic viruses will also constantly reset their encryption methods and keys. To do this, they generally use mutation engines that can change the software billions of times and alter decryption routines in the process. Attackers hope that by using such a strategy, even if the malware is detected, companies will not be able to locate subsequent infections and clean them from their systems. While polymorphic viruses may change their appearance, the associated malware and goals remain the same: steal information, disrupt a company's operations or perform one of many types of ransomware attacks. Today, polymorphic viruses have become standard weapons in the cybercriminal's arsenal. It has been estimated that 97% of all malware now employs some form of polymorphic virus.[2] Examples of Polymorphic MalwarePolymorphic viruses are usually spread using standard cyberattack techniques including spam, phishing emails, infected websites or other malware. Some of the more notorious polymorphic viruses include Ursnif (also known as Gozi), a banking Trojan; Vobfus, a Windows worm virus; and Bagle, an email worm. Combined with other forms of malware, such polymorphic viruses can be devastating. For example:
How to Know if Your Computer Is Infected with a Polymorphic VirusSo if polymorphic viruses can adopt nearly any appearance, how can you tell if a computer is afflicted with the virus? Fortunately, administrators can look for some telltale signs that a system is infected, including:
Best Practices to Prevent a Polymorphic Virus InfectionWhile polymorphic viruses present a wily adversary, companies can protect themselves by following a proven set of safe cybersecurity practices.
The Bottom LinePolymorphic viruses have a long history, and cybercriminals have had many years to develop more advanced techniques to hide their appearance and infections. Indeed, polymorphic malware is used extensively in all types of cyberattacks, including ransomware. By following tried and true cybersecurity practices, companies can stay one step ahead of the criminals. [1] “Polymorphic Virus,” TechTarget [2] “What Is the Polymorphic Virus?”, Kaspersky [3] “International Police Operation Targets Polymorphic Beebone Botnet,” Europol Which viruses can change its own code to avoid detection?Polymorphic viruses are complex file infectors that can create modified versions of itself to avoid detection yet retain the same basic routines after every infection.
What is it called when malware changes its code?Metamorphic malware completely rewrites every part of its code so that each newly propagated version no longer matches its previous iteration. Such constant and continuous changes make it harder to detect and identify this type of malware. Another striking difference is in the detection techniques applied.
What is polymorphic and metamorphic virus?A polymorphic virus, sometimes referred to as a metamorphic virus, is a type of malware that is programmed to repeatedly mutate its appearance or signature files through new decryption routines.
Which type of virus is hard to detect as it changes its own code to evade matching a virus signature?Polymorphic Virus:
A virus signature is a pattern that can identify a virus(a series of bytes that make up virus code). So in order to avoid detection by antivirus a polymorphic virus changes each time it is installed. The functionality of the virus remains the same but its signature is changed.
|