Understanding Polymorphic Viruses

What is a Polymorphic Virus? 

To understand the threat posed by polymorphic viruses, imagine a shapeshifter, a threat that can adapt to every defence you throw at it and can constantly change form to avoid detection. In essence that is exactly what you are dealing with when it comes to polymorphic viruses. These viruses can produce self-replicating, malicious code that repeatedly changes its characteristics in order to evade your computer's defences and eventually cripple your system. 

Due to the unique nature of polymorphic viruses, signature-based detection tools are rendered useless, allowing the threat to continually increase in intensity. In 2014 a polymorphic virus, containing self-replicating ransomware, was discovered. Named VirLock, it was found to be capable of infecting files, replicating itself and changing form in addition to locking the computer screen of a host computer like a traditional piece of ransomware. 

How is Polymorphic Code Generated? 

Polymorphic code uses a polymorphic engine to mutate whilst keeping the original algorithm intact, meaning that the code changes itself every time it runs, but the function of the code remains the same. For example, the equations 4+3 and 8-1 both achieve the answer 7 but run with different machine codes in a central processing unit (CPU). Also, the mutation engine can alter the file names of the polymorphic code. Meaning that each time the code is installed on a new device or system, a brand new decryption routine is generated.  

Mitigating the Threat 

The problem with countering a threat such as a polymorphic virus is that conventional antivirus and threat detection programs rely on signature-based detection, which can be fooled thanks to the constantly changing nature of polymorphic viruses. However new security technologies that incorporate machine learning and behaviour-based analytics is an efficient way to identify anomalous behaviour. This is because machine learning monitors the function of a system and if even the slightest unusual behaviour was to occur it would be picked up.      

Behaviour-based detection is another means of countering threats such as polymorphic malware. This is a type of antivirus function that analyses the behaviour of a virus rather than only looking at its actual code. 

Heuristic Scanning is also an effective tool when it comes to threat detection. Instead of looking for an exact match to a known threat, heuristic scanning looks for certain crucial components the threat might share, increasing the chances of detecting and stopping a new variation of a virus. 

Caution is key when it comes to stopping the spread of polymorphic viruses. The initial infection of a system often occurs as a result of downloading an infected email attachment or visiting a website that has been compromised. Using good judgement is often the best line of defence, so steer clear of suspicious websites and don’t download file attachments you weren’t expecting.  

Keep your software updated; updates are released in the form of free software patches so be sure that you are installing them promptly. Hackers are continuously updating and refining their codes so there is a constant game of cat and mouse as hackers write code aimed at breaching flaws and vulnerabilities in your operating systems and software. 

What Can Securiwiser Do for You? 

Securiwiser is a continuous twenty-four-hour monitoring tool that will conduct daily scans of your network, systems, devices and website as well as emails to ensure your cyber security. If any threat is detected you will be notified immediately and a full report with the details of the identifying scan will be sent to you. You will be told how to fix the problem or where to turn if you can’t remedy the situation yourself. You will also receive grades based on how each aspect of your security is performing, so you know exactly what needs attention.