Your IP: Unknown · Your Status: Unprotected Protected
Blog In Depth

The polymorphic virus: your antivirus’ worst nightmare

Feb 21, 2020 · 3 min read

The polymorphic virus: your antivirus’ worst nightmare

One of the reasons influenza – the common flu – can kill 300-600 thousand people every year is because the virus mutates rapidly, making existing vaccines less effective. With polymorphic viruses, hackers have taken a page from nature’s playbook. Find out how they work and how to stay safe below.

Polymorphic malware is a form of malware that “mutates” as it propagates to make it more difficult to detect and block. They are created with mutation engines that, when paired with self-propagating code, form a nasty cocktail that will regularly change its code. Reinforced by encryption to hide its code, a polymorphic piece of malware is almost undetectable. Any type of malware can be mutated with a polymorphic engine – trojans, worms, keyloggers, and more.

Examples of polymorphic malware

A particularly infamous polymorphic backdoor trojan – the Storm Worm discovered in 2007 – could alter its identity every 10 to 30 minutes. The speed of the change made it a headache for cyber-security experts trying to stamp out the threat.

Now, polymorphic malware can change as frequently as 3 to 4 times a minute. Many antivirus suites employ signature-based hunting techniques. This method struggles with finding something that can change its identity every few seconds. Some of the aforementioned security methods just can’t stay ahead of the game.

According to research from Webroot, Polymorphic malware makes up 94% of all malicious software. So how do we protect ourselves from this continuously-evolving threat?

How to prevent polymorphic malware infection

It has become necessary to have your devices protected with the most up-to-date security-ware if you want to browse the web in relative safety – especially when the enemy is armed with camouflaged viruses.

Here’s how to stay safe from the polymorphic plague:

  • Use heuristic scanning. Heuristic scanning is effective but only to a certain level – only if the polymorphic virus is comprised of coding from older malware. The catch to heuristic scanning – malware that has never been seen before won’t be recognized as harmful.
  • Use behavior-based detection. The go-to method for combating polymorphic malware is to use tools that can identify and deal with threats based on how they act instead of trying to dissect their coding. Antivirus software that features endpoint detection and response or advanced threat detection is worth investing in.
  • Keep everything up-to-date. Don’t keep sweeping that ‘updates available’ message under the rug. Take 10 minutes out of your day to reboot your device and make sure all software is updated. Entities like Adobe and Microsoft will regularly respond to security vulnerabilities by patching them up using software updates. Over-reliance on outdated software is a good way to leave yourself open for malware infection.
  • Don’t open up any suspicious links. Should you receive any emails that look a bit suspect, send it straight to the trash.
  • Educate yourself. The best way to prevent malware from breaching your digital defenses? Learn about different types of malware. Find out what the common signs of an infection are, what to look out for, and what to be suspicious of. Educate yourself on what exactly your antivirus suite protects you from. Are there any threats that aren’t covered? Time to fix that.

Subscribe to our NordVPN Newsletter and we’ll send you the latest cybersec insights from our blog every month.


Charles Whitmore
Charles Whitmore successVerified author

Charles is a content writer with a passion for online privacy and freedom of knowledge. A technophile with a weakness for full Smart Home integration – he believes everyone should strive to keep up-to-date with their cybersec.


Subscribe to NordVPN blog