Don't miss an insight. Subscribe to Techopedia for free.


Polymorphic Malware

What Does Polymorphic Malware Mean?

Polymorphic malware is a type of malware that constantly morphs, evolves or changes appearance to make it difficult for anti-malware programs to detect it. The evolution of the malware’s code usually occurs in different ways, such as changing the filename and performing encryption using variable keys. Polymorphic malware comes in the usual forms such as viruses, Trojans, worms or spyware.


Techopedia Explains Polymorphic Malware

The polymorphism in the code of polymorphic malware is meant to evade the pattern-matching detection that is done by security and anti-malware organizations during the investigative and detection process. Polymorphic in this context simply means "to change the appearance of" and is just meant to delay detection and not really evade it completely since the actions of the malware remain the same; hence it could still be detected through various signatures using memory-based signature detection.

To create a polymorphic malware, a mutation engine is bundled with the malware or other self-propagating code. The mutation engine then changes the appearance of the malware through encryption or by appending or pre-pending data.


Related Terms