Polymorphic Malware

What Does Polymorphic Malware Mean?

Polymorphic malware is a type of malware that constantly morphs, evolves or changes appearance to make it difficult for anti-malware programs to detect it. The evolution of the malware’s code usually occurs in different ways, such as changing the filename and performing encryption using variable keys. Polymorphic malware comes in the usual forms such as viruses, Trojans, worms or spyware.

Advertisements

Techopedia Explains Polymorphic Malware

The polymorphism in the code of polymorphic malware is meant to evade the pattern-matching detection that is done by security and anti-malware organizations during the investigative and detection process. Polymorphic in this context simply means "to change the appearance of" and is just meant to delay detection and not really evade it completely since the actions of the malware remain the same; hence it could still be detected through various signatures using memory-based signature detection.

To create a polymorphic malware, a mutation engine is bundled with the malware or other self-propagating code. The mutation engine then changes the appearance of the malware through encryption or by appending or pre-pending data.

Advertisements

Related Terms

Latest Cybersecurity Terms

Related Reading

Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine.Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…