Polymorphic Malware

What Does Polymorphic Malware Mean?

Polymorphic malware is a type of malware that constantly morphs, evolves, or changes appearance to make it difficult for anti-malware programs to detect it.

The malware’s code can evolve in several ways, such as changing its filename and encrypting itself with variable keys. Polymorphic malware comes in the usual forms, such as viruses, Trojans, worms, or spyware.

Techopedia Explains Polymorphic Malware

The polymorphism in the malware’s code is meant to evade the pattern-matching detection that security and anti-malware organizations rely on during investigation and detection.

Polymorphic in this context simply means “to change the appearance of.” Polymorphism only delays detection rather than evading it completely, since the actions of the malware remain the same. The malware can still be detected through various signatures, using the memory-based signature detection or behavioral analysis techniques deployed by modern antivirus software.

To create polymorphic malware, a mutation engine is bundled with the malware or other self-propagating code. The mutation engine then changes the appearance of the malware through encryption or by appending or prepending data.
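The following is an added example, not part of the original Techopedia entry, showing from the scanner's side why a change of appearance defeats file-level pattern matching while a memory-based signature still matches. The byte strings are constructed and harmless, and `SIGNATURE`, `HASH_BLOCKLIST` and the sample names are assumptions made for the illustration.

```python
import hashlib

# Constructed, harmless stand-in for a code body that never changes; not real malware.
BODY = b"DEMO-BODY: open_socket(); read_keys(); send_home();"
SIGNATURE = b"read_keys(); send_home();"  # hypothetical byte-pattern signature
HASH_BLOCKLIST = {hashlib.sha256(BODY).hexdigest()}  # hash of the first-seen copy only


def xor(data: bytes, key: int) -> bytes:
    """Toy single-byte encoding, standing in for encryption with a variable key."""
    return bytes(b ^ key for b in data)


def constructed_samples() -> dict:
    """name -> (bytes on disk, bytes in memory once the copy has decoded itself)."""
    appended = BODY + b"\x00" * 16 + b"pad-41"
    prepended = b"pad-97" + BODY
    samples = {
        "original": (BODY, BODY),
        "appended": (appended, appended),    # padding only: memory equals disk
        "prepended": (prepended, prepended),
    }
    for key in (0x21, 0x5C):  # same body, different key per copy
        samples[f"encrypted_key_{key:#04x}"] = (bytes([key]) + xor(BODY, key), BODY)
    return samples


def scan(disk: bytes, memory: bytes) -> dict:
    """Apply three detection methods to one sample."""
    return {
        "file_hash": hashlib.sha256(disk).hexdigest() in HASH_BLOCKLIST,
        "static_signature": SIGNATURE in disk,    # pattern match on the file
        "memory_signature": SIGNATURE in memory,  # pattern match on the decoded image
    }


def scan_all() -> dict:
    return {name: scan(disk, mem) for name, (disk, mem) in constructed_samples().items()}


if __name__ == "__main__":
    for name, verdict in scan_all().items():
        print(f"{name:22} {verdict}")
```

The file hash matches only the original copy, the on-disk byte signature survives padding but not re-encoding, and the memory signature matches every copy because the decoded body is unchanged.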

Margaret Rouse
Technology expert

Margaret is an award-winning writer and educator known for her ability to explain complex technical topics to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles in the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret’s idea of a fun day is to help IT and business professionals to learn to speak each other’s highly specialized languages.