Malware polymorphism

From Citizendium
Revision as of 09:46, 7 February 2009 by imported>Howard C. Berkowitz (New page: In the context of computer malware, '''malware polymorphism''', often phrased in the context of the malware itself such as '''polymorphic worm''' or '''polymorphic virus''', in order t...)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

In the context of computer malware, malware polymorphism, often phrased in the context of the malware itself such as polymorphic worm or polymorphic virus, in order to hide itself from malware detection tools. A simple example would be a worm that contains malicious instructions, but inserts null instructions into the software payload, so:

  • Detection fails when looking for software of a specific length, because the number of null instructions is random in each copy
  • Detection fails when looking for a specific sequence of instruction that simply matches a pattern, and will not ignore null operations that change the content, but not the execution behavior, of the malware
Retrieved from "https://citizendium.org/wiki/index.php?title=Malware_polymorphism&oldid=579638"