Understanding the Polymorphic Virus

While most people have at least heard of them, not everyone is familiar with the functionality and technical details of a computer virus. The truth is that no two are exactly the same, and their effects vary depending on the design and implementation of the code. Some are more subtle and merely annoy the user, while others pose catastrophic threats capable of destroying an entire operating system. In either scenario, it is crucial that you take extreme measures to keep these infections away from your computer.

Taking Viruses to the Next Level

The polymorphic virus is one of the more complex computer threats. During infection it creates slightly modified but fully functional copies of itself, primarily to elude virus scanners, since some cannot identify different instances of the same infection. One method it commonly uses to bypass a scanner is self-encryption with a variable key. To create an effective polymorphic virus, a coder chooses from a number of different encryption schemes, each requiring its own decryption routine; the only part that remains plainly visible in every instance of the infection is that decryption routine. A virus scanner based on string-driven detection would therefore have to search for many different strings, one for each probable decryption scheme. This is the best technique for reliably identifying this type of virus.

More advanced forms of the polymorphic virus alter the instruction sequences of their variants by interspersing the decryption instructions with other instructions that play no part in the decryption. They may also swap mutually independent instructions or load arbitrary values into unused registers, such as moving "0" to "A" or replacing "A" with "B". A basic virus scanner has no way to effectively identify all variants of the infection. Even a more advanced product has to thoroughly research this type of virus and add special handling to its scanner in order to detect it.
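As an added illustration, not taken from the original article, the following Python toy models the two techniques just described: a body encrypted under a per-copy XOR key and a decryptor stub padded with no-effect instructions. It shows why a scanner that searches for a fixed string misses every variant, while one that strips the junk from the decryptor, recognizes it, and applies its decryption before matching catches them all. The body text, the stub's pseudo-instructions and the junk list are all constructed for this example.

```python
import random

# Constructed toy: the "body" is a plain byte string, a variant is a one-byte
# XOR key followed by the body encrypted under that key, and the decryptor
# "stub" is a list of pseudo-instructions with junk interleaved at random.
BODY = b"TOY BODY: this text stands in for the virus code"  # constructed
STUB = ["load_key", "loop", "xor", "inc", "jnz"]            # invariant logic
JUNK = ["nop", "mov_a_0", "mov_a_b"]                          # no-effect filler

def make_variant(rng):
    """Return (stub, sample): a junk-padded decryptor and a freshly keyed body."""
    key = rng.randrange(1, 256)           # never 0, so every byte changes
    stub = []
    for ins in STUB:
        if rng.random() < 0.5:            # interleave junk before real work
            stub.append(rng.choice(JUNK))
        stub.append(ins)
    enc = bytes(b ^ key for b in BODY)
    return stub, bytes([key]) + enc

def string_scan(sample, signature=BODY[:8]):
    """Classic string-driven scanner: look for a fixed byte sequence."""
    return signature in sample

def normalize(stub):
    """Discard instructions that do not take part in the decryption."""
    return [ins for ins in stub if ins not in JUNK]

def smart_scan(stub, sample):
    """Recognise the decryptor logic, then decrypt and match the body."""
    if normalize(stub) != STUB:
        return False
    key, enc = sample[0], sample[1:]
    return string_scan(bytes(b ^ key for b in enc))

def evaluate(n=50, seed=1):
    """Count how many of n random variants each scanner catches."""
    rng = random.Random(seed)
    caught_string = caught_smart = 0
    for _ in range(n):
        stub, sample = make_variant(rng)
        caught_string += string_scan(sample)
        caught_smart += smart_scan(stub, sample)
    return caught_string, caught_smart   # returns (0, 50)
```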

The Big Brother of All Polymorphic Viruses

One of the most complex forms of the polymorphic virus known today relies on the MtE (Mutation Engine), which is essentially a type of object module. The Mutation Engine allows any virus to become polymorphic once specific code is added to the program's source and it is linked to modules able to generate random numbers.

The evolution of polymorphic viruses has made the jobs of many security experts much more difficult. Adding more scan strings is often a frustrating and expensive task for software developers. At the same time, these additions are needed, as the average scanner simply isn't capable enough to handle this type of virus.

You don't have to be a computer technician or an anti-virus expert to know these infections are bad news. A virus of this nature can easily corrupt your system and go undetected for months, and it is capable of rendering the system inoperable if action is not taken in a timely fashion. Your best defense lies in a scanner equipped with the latest virus definitions. This will keep the infections out of your system and stop the madness of polymorphism dead in its tracks.
