What is a polymorphic virus?
A POLYMORPHIC virus is one which produces varied (yet fully operational) copies of itself, in the hope that virus scanners (see c1) will not be able to detect all instances of the virus. One method to evade signature-driven virus scanners is self-encryption with a variable key; however these viruses (e.g. Cascade) are not termed “polymorphic,” as their decryption code is always the same and thus can be used as a virus signature even by the simplest, signature- driven virus scanners (unless another virus or program uses the identical decryption routine). One method to make a polymorphic virus is to choose among a variety of different encryption schemes requiring different decryption routines: only one of these routines would be plainly visible in any instance of the virus (e.g. the Whale virus). A signature-driven virus scanner would have to exploit several signatures (one for each possible encryption method) to reliably identify a virus of this kind. A more sophisticated polymorphic vi
Polymorphic are very interesting cases. A POLYMORPHIC virus is one that produces varied but operational copies of itself. These strategies have been employed in the hope that virus scanners will not be able to detect all instances of the virus. One method of evading scan string-driven virus detectors is self-encryption with a variable key. These viruses (e.g. Cascade) are not termed “polymorphic”, as their decryption code is always the same. Therefore the decryptor can be used as a scan string by the simplest scan string-driven virus scanners (unless another virus uses the identical decryption routine and exact identification is required). A technique for making a polymorphic virus is to choose among a variety of ifferent encryption schemes requiring different decryption routines: only one of these routines would be plainly visible in any instance of the virus (e.g. the Whale virus). A scan string-driven virus scanner would have to exploit several scan strings (one for each possible de
A POLYMORPHIC virus is one that produces varied but operational copies of itself. These strategies have been employed in the hope that virus scanners (see D1) will not be able to detect all instances of the virus. One method of evading scan string-driven virus detectors is self- encryption with a variable key. These viruses (e.g. Cascade) are not termed “polymorphic”, as their decryption code is always the same. Therefore the decryptor can be used as a scan string by the simplest scan string-driven virus scanners (unless another virus uses the identical decryption routine *and* exact identification (see B15) is required). A technique for making a polymorphic virus is to choose among a variety of different encryption schemes requiring different decryption routines: only one of these routines would be plainly visible in any instance of the virus (e.g. the Whale virus). A scan string-driven virus scanner would have to exploit several scan strings (one for each possible decryption method)
