Tech moves fast! Stay ahead of the curve with Techopedia!
Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.
Polymorphic malware is a type of malware that constantly morphs, evolves or changes appearance to make it difficult for anti-malware programs to detect it. The evolution of the malware’s code usually occurs in different ways, such as changing the filename and performing encryption using variable keys. Polymorphic malware comes in the usual forms such as viruses, Trojans, worms or spyware.
The polymorphism in the code of polymorphic malware is meant to evade the pattern-matching detection that is done by security and anti-malware organizations during the investigative and detection process. Polymorphic in this context simply means "to change the appearance of" and is just meant to delay detection and not really evade it completely since the actions of the malware remain the same; hence it could still be detected through various signatures using memory-based signature detection.
To create a polymorphic malware, a mutation engine is bundled with the malware or other self-propagating code. The mutation engine then changes the appearance of the malware through encryption or by appending or pre-pending data.