Can a polymorphic virus be a cryptovirus?
Certainly. If a polymorphic virus [Sl94,Bi03] contains and uses a public key then it is a cryptovirus. A polymorphic virus usually contains and uses a symmetric key for the purposes of obfuscating and de-obfuscating its own code. So, if this is the only cryptographic key it uses then it is not a cryptovirus. In laboratory experiments, Fred Cohen produced viruses that had no common sequences of over three bytes between each subsequent generation by using encryption [Co87,Co88]. Such viruses are called polymorphic viruses, otherwise known as evolutionary viruses. Numerous polymorphic viruses have appeared in the wild. For example, the Tremor virus is a polymorphic virus that has almost 6,000,000,000 forms [Sl94]. Polymorphic viruses often decrypt and then send control to the main portion of their code, called the virus body, at run-time. They may generate new keys periodically and produce new ciphertexts of their bodies to make virus detection more difficult. The body also contains code
