(also polymorphic malware, metamorphic virus)
Polymorphic virus definition
A polymorphic virus is a complex form of malware that creates modified versions of itself (mutates) to avoid detection by security systems. Polymorphic viruses apply updates to their underlying code without changing the virus’ basic features or functions. These days, polymorphic viruses can change as frequently as 3 to 4 times a minute, altering their characteristics and mutating faster than security systems can keep up.
How polymorphic viruses spread
- Email spam. A malicious party can send a polymorphic virus to a user by email. Don’t open emails from unknown senders — and don’t click on suspicious links.
- Software. Downloads from unofficial websites may contain polymorphic viruses.
- Infected sites. Browsing through an unsafe site may infect your device with a polymorphic virus.
Examples of polymorphic viruses
- The Storm Worm. This virus uses social engineering techniques to get users to download a Trojan horse. The Trojan infects their computers and opens a backdoor on the devices, allowing hackers to control them remotely. Simultaneously, the Trojan horse installs a rootkit that hides the malicious program.
- VirLock. This virus can infect files, replicate itself numerous times, and change form. It can also lock the computer screen.
How to prevent polymorphic viruses
- Keep your software up to date. Software updates include important vulnerability fixes that may help prevent polymorphic virus infection.
- Heuristic scanning. Heuristic scanning looks for specific key components of the threat instead of requiring an exact match.
- Behavior-based detection. Use tools that can identify threats based on how they act rather than on their code.
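
The difference between an exact-match signature and the heuristic scanning described above, as an added example that is not from the original page. The samples are constructed, harmless byte strings; the single-byte XOR encoding, `MARKER`, and every function name are assumptions made for illustration.

```python
import hashlib

# Constructed, harmless stand-in for the component every variant carries.
MARKER = b"DEMO-INVARIANT-BODY"

def constructed_sample(key: int, padding: bytes) -> bytes:
    """Constructed test input: filler bytes plus MARKER XOR-encoded with `key`."""
    return padding + bytes(b ^ key for b in MARKER)

def signature_match(sample: bytes, known_hashes: set) -> bool:
    """Exact match: flags a sample only if its SHA-256 is already known."""
    return hashlib.sha256(sample).hexdigest() in known_hashes

def heuristic_match(sample: bytes, component: bytes = MARKER) -> bool:
    """Look for the shared component under every single-byte XOR key."""
    return any(bytes(b ^ key for b in component) in sample for key in range(256))

def compare() -> dict:
    """Run both checks over two constructed variants and one benign input."""
    first = constructed_sample(0x21, b"AAAA")
    second = constructed_sample(0x7F, b"zz-filler-zz")
    benign = b"quarterly report"
    known = {hashlib.sha256(first).hexdigest()}  # only the first variant was catalogued
    return {
        name: (signature_match(data, known), heuristic_match(data))
        for name, data in (("first", first), ("second", second), ("benign", benign))
    }

if __name__ == "__main__":
    for name, (by_hash, by_heuristic) in compare().items():
        print(f"{name:7} exact-hash={by_hash!s:5} heuristic={by_heuristic}")
```

The second variant carries the same component as the first but has a different hash, so only the heuristic check flags it.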