NOTICE: Citizendium is still being set up on its newer server, treat as a beta for now; please see here for more.
Citizendium - a community developing a quality comprehensive compendium of knowledge, online and free. Click here to join and contribute—free
CZ thanks our previous donors. Donate here. Treasurer's Financial Report -- Thanks to our content contributors. --

Malware polymorphism

From Citizendium
Jump to: navigation, search
This article is a stub and thus not approved.
Main Article
Related Articles  [?]
Bibliography  [?]
External Links  [?]
Citable Version  [?]
This editable Main Article is under development and not meant to be cited; by editing it you can help to improve it towards a future approved, citable version. These unapproved articles are subject to a disclaimer.

In the context of computer malware, malware polymorphism, often phrased in the context of the malware itself such as polymorphic worm or polymorphic virus, in order to hide itself from malware detection tools (e.g., host intrusion detection system). A simple example would be a worm that contains malicious instructions, but inserts null instructions into the software payload, so:

  • Detection fails when looking for software of a specific length, because the number of null instructions is random in each copy
  • Detection fails when looking for a specific sequence of instructions that simply matches a pattern, and will not ignore null operations that change the content, but not the execution behavior, of the malware