Content deleted Content added
Undid revision 918813445 by Ashtontink (talk) |
Restored revision 1219374385 by A Shortfall Of Gravitas (talk): Unsourced sample |
||
(30 intermediate revisions by 26 users not shown) | |||
Line 1:
{{Short description|Self-modifying program code designed to defeat anti-virus programs or reverse engineering}}
{{distinguish|Polymorphism (computer science)}}
{{refimprove|date=November 2010}}
In
[[Encryption]] is the most common method to hide code. With encryption, the main body of the code (also called its [[Payload (computing)|payload]]) is encrypted and will appear meaningless. For the code to function as before, a decryption function is added to the code. When the code is ''executed'', this function reads the payload and decrypts it before executing it in turn.
Encryption alone is not polymorphism. To gain polymorphic behavior, the encryptor/decryptor pair
== Malicious code ==
Line 13 ⟶ 14:
Malicious [[programmer]]s have sought to protect their encrypted code from this virus-scanning strategy by rewriting the unencrypted decryption engine (and the resulting encrypted payload) each time the virus or worm is propagated. Anti-virus software uses sophisticated pattern analysis to find underlying patterns within the different mutations of the decryption engine, in hopes of reliably detecting such [[malware]].
Emulation may be used to defeat polymorphic obfuscation by letting the malware demangle itself in a virtual environment before
The first known polymorphic virus was written by Mark Washburn. The virus, called [[1260 (computer virus)|1260]], was written in 1990. A better-known polymorphic virus was created in 1992 by the hacker [[Dark Avenger]]
== See also ==
* [[Metamorphic code]]
* [[Self-modifying code]]
* [[Alphanumeric
* [[Shellcode]]
* [[Obfuscated code]]
* [[Oligomorphic code]]
Line 87 ⟶ 28:
== References ==
<references/>
{{refbegin}}
*{{cite journal |author-link= |last=Spinellis
{{refend}}
[[Category:Types of malware]]
|