Metamorphic malware definition
Metamorphic malware is a type of malware that rewrites its code as it makes its way through a system. Unlike other types of malware that use encryption keys to obfuscate their code, metamorphic malware employs advanced techniques to change its structure and appearance without relying on encryption. This, in turn, enables it to avoid the pattern recognition abilities that antivirus software programs use.
Each time metamorphic malware changes its code, a new, more sophisticated version or instance of it is created. To create new instances of metamorphic malware, the authors use obfuscation techniques like register renaming, code permutation, code expansion, and code shrinking.
The way metamorphic malware works is it translates its own code and then rewrites it so that the following copies are different with each iteration. This way, no part of the malware stays the same and never returns to its original form. As a result, metamorphic malware is quite tricky to detect and identify.
See also: malicious code, pattern recognition
Protection against metamorphic malware
- Patch all system vulnerabilities.
- Upgrade all software, operating systems, and other programs regularly.
- Use multifactor authentication and change passwords often to prevent password-related attacks.
- Restrict access to sensitive data and systems.
- Use advanced anti-spam and anti-phishing software to detect, isolate, and remove suspicious emails.
- Implement proactive detection tools, like behavior based-based protection, to identify suspicious behaviors before they do significant damage.